WordPress Editor Monkey suffers from
a remote shell upload vulnerability.
Wow, nice one from kaMtiEz. It's been a long time since I browsed
Packet Storm; I was just browsing Packet Storm
and came across this, good for adding some experience, hehehe...
Let's check it out right away!!!
Now in practice:
Google dork ==> inurl:/plugins/editormonkey/
[ Vulnerable File ]
[path]/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html
[ Shell ]
[path]/UserFiles/your-uploaded-file.txt
[ demo ]
Those whose hobby is defacing and who want to reach the top ranks on zone-h can use
this to get victims quickly,
while the admins haven't patched their sites yet ;))
NB:
Select the "File Uploader" to use:
==> change it to PHP
Upload a new file:
==> browse to where your file is saved; I PM'd kaMtiEz earlier
and he said .txt
If a message like this appears:
Warning: move_uploaded_file(xxxxxxxxxxxxxxxxxxxxxxxxxx
==> you're out of luck, try again =)) it means the file can't be uploaded
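A defender-side check for the exposure described above, as an added example that is not part of the original post: it scans web-server access logs for requests into the plugin's bundled FCKeditor file manager and for fetches from /UserFiles/ by a client whose upload was accepted. The log lines, the combined log format, the severity labels and the php/upload.php sub-path in the sample are constructed assumptions.

```python
import re

# Path prefix taken from the post; everything under it is the bundled FCKeditor file manager.
FILEMANAGER = "/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/"
UPLOAD_DIR = "/userfiles/"  # upload directory named in the post, compared case-insensitively
# Assumed Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
# The php/upload.php sub-path is an assumption about the bundled FCKeditor layout.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2010:13:55:01 +0700] "GET /wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 2310
198.51.100.7 - - [10/Oct/2010:13:55:20 +0700] "POST /wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 200 154
198.51.100.7 - - [10/Oct/2010:13:55:31 +0700] "GET /UserFiles/note.txt HTTP/1.1" 200 48
203.0.113.9 - - [10/Oct/2010:14:02:11 +0700] "GET /UserFiles/logo.png HTTP/1.1" 200 9120
203.0.113.20 - - [10/Oct/2010:14:05:40 +0700] "GET /blog/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 404 512
"""

def analyze(log_text):
    """Return a list of (ip, severity, reason, path) findings, in log order."""
    findings, uploaders = [], set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, path, status = m.groups()
        p = path.split("?", 1)[0].lower()
        ok = status.startswith("2")
        if FILEMANAGER in p:  # substring match also covers WordPress in a subdirectory
            if method == "POST" and ok:
                uploaders.add(ip)
                findings.append((ip, "high", "upload accepted by file manager", path))
            elif ok:
                findings.append((ip, "medium", "file manager page is reachable", path))
            else:
                findings.append((ip, "low", "probe for file manager", path))
        elif UPLOAD_DIR in p and ok and ip in uploaders:
            # Same client that uploaded is now fetching from the upload directory.
            findings.append((ip, "high", "uploader fetched file from upload dir", path))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Any "medium" or "high" finding means the file manager is publicly reachable; removing or access-restricting the plugin's fckeditor/editor/filemanager directory and disabling script execution in the upload directory closes the exposure.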
1 comment:
test