Responsive FileManager Bypass File Upload



dork:inurl:"/tinymce/plugins/filemanager/" site:nl
     "/plugins/filemanager/" ext:pdf
exploit :/filemanager/dialog.php 


Straight to it.
Suppose you have found a filemanager through dorking, you upload a file with the extension php, php.fla or php.accdb, and you get nothing, or the message "File extension is not allowed." appears.


You can now try to bypass the file upload with CSRF (Cross-site Request Forgery), using the parameter "file".
Change "/filemanager/dialog.php" to "/filemanager/upload.php".
To check whether it can be bypassed: the page will be blank, as in the image.


Now on to the CSRF itself.
Enter the site:

example :site.com/plugins/filemanager/upload.php
parameter :file

and upload your file.
Access your file at /filemanager/urfile.php.gif

*Not every site can be bypassed this way.
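
Seen from the server side, the steps above leave two traces in a web access log: a POST to /filemanager/upload.php that did not come from the dialog page, and a later request for a name such as urfile.php.gif, where an executable extension sits in front of a harmless one. The following is an added example, not part of the original post: a small log scan for both traces. It assumes Combined Log Format; the extension list, the referer heuristic, the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions a PHP handler may execute (assumed list; match it to your server config).
EXECUTABLE = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)"')

def hidden_executable_ext(target):
    """Return an executable extension buried before the final one, else None."""
    name = unquote(urlsplit(target).path).rsplit("/", 1)[-1].lower()
    for ext in name.split(".")[1:-1]:   # parts between base name and last extension
        if ext in EXECUTABLE:
            return ext
    return None

def scan(lines):
    """Return (ip, finding, target) tuples for the two traces described above."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                    # not a combined-format line
        ip, method, target, referer = m.groups()
        path = unquote(urlsplit(target).path).lower()
        if "/filemanager/" not in path:
            continue
        # Assumption: a legitimate upload is sent from dialog.php and names it as referer.
        if (method == "POST" and path.endswith("/upload.php")
                and "/filemanager/dialog.php" not in referer.lower()):
            findings.append((ip, "upload-without-dialog-referer", target))
        elif method == "GET" and hidden_executable_ext(target):
            findings.append((ip, "double-extension-request", target))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Oct/2023:13:50:01 +0000] "POST /plugins/filemanager/upload.php HTTP/1.1" 200 41 "https://site.example/plugins/filemanager/dialog.php" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /plugins/filemanager/upload.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /plugins/filemanager/urfile.php.gif HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:13:57:10 +0000] "GET /plugins/filemanager/report.v2.pdf HTTP/1.1" 200 88211 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Whether a file named like urfile.php.gif is ever executed depends on how the server maps extensions to handlers; the scan only flags the requests so they can be reviewed.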

That's all from me. Thanks for visiting :D





