KCFinder File Upload In PhpJabbers - TERCYDUK HEKER



Exploit Title   : KCFinder File Upload In PhpJabbers
Author          : ice-cream - khunerable
Vendor Homepage : http://www.phpjabbers.com/
Vendor Github   : -
Date            : 10 dec 2017
Tested on       : Ubuntu 16.04.2 LTS ( BackBox ), Windows 7

-------------------------------------------------------------
Dork       : inurl:/cms/app/web/
Bug Victim : http://localhost/[path]/core/libs/kcfinder/browse.php
Example    : https://www.hardyfarmspeanuts.com/cms/core/libs/kcfinder/browse.php

POC :
[-] Upload your shell as [.php.fla] or [.php3]
[-] If the upload succeeds, you have full access to your backdoor [ NB : not all sites accept .php.fla or .php3 uploads ]

Path Shell : http://localhost/[path]/app/web/upload/files/urshell.php
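
A defensive check for the upload path above, as an added example that is not part of the original post: it flags files in the KCFinder upload directory whose names carry a PHP-mapped extension in any position, which covers both `.php3` and double extensions such as `.php.fla`. The extension set, function names and sample listing are assumptions made for illustration.

```python
"""Audit upload file names for PHP-executable extension segments (added example)."""
import os

# Extensions commonly mapped to the PHP handler (assumption; match your server config).
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}


def risky_segments(filename):
    """Return the PHP-mapped extension segments found anywhere after the base name."""
    parts = os.path.basename(filename).lower().split(".")
    # parts[0] is the base name. Every later segment counts, because Apache mod_mime
    # evaluates each extension of a multi-extension name such as banner.php.fla.
    return [p for p in parts[1:] if p in PHP_EXTS]


def audit(filenames):
    """Map each suspicious file name to the segments that triggered the finding."""
    findings = {}
    for name in filenames:
        hits = risky_segments(name)
        if hits:
            findings[name] = hits
    return findings


def audit_tree(root):
    """Walk an upload directory on disk and audit every file in it."""
    names = []
    for dirpath, _dirs, files in os.walk(root):
        names.extend(os.path.join(dirpath, f) for f in files)
    return audit(names)


# Constructed sample listing of app/web/upload/files/ (not real data).
SAMPLE = ["logo.png", "brochure.pdf", "banner.php.fla", "x.php3",
          "notes.txt", "IMG.PHTML", "php-guide.pdf"]

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(f"SUSPICIOUS {name}: {', '.join(hits)}")
```

Run `audit_tree()` against the real upload directory from cron or a file-integrity job; any hit in a directory meant for images and documents deserves review.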

THANKS TO : Pak Haxor - Grac3 - Lastc0de - KONSLET - SPEEDY03 - AnoaGhost And All Typical Idiot Security Members

Other dorks

Dork : Copyright © 2017 PHPJabbers.com intitle:Stiva Blog Script by PHPJabbers.com
# intitle:Yellow Pages Script by PHPJabbers.com intext:ADMIN LOGIN
# intitle:Member Login Script by PHPJabbers.com intext:ADMIN LOGIN
# intitle:Knowledge Base Builder script by PHPJabbers.com intext:ADMIN LOGIN
# intitle:Simple CMS | Login intext:ADMIN LOGIN
# PHP Scripts Copyright © 2017 StivaSoft Ltd
# inurl:content/index.php? intext:ADMIN LOGIN
# inurl:/SimpleCMS intext:ADMIN LOGIN
# inurl:webCMS/index.php? intext:ADMIN LOGIN
# inurl:/visualVerge-Programs/webCMS/
# Powered by Sytek intext:ADMIN LOGIN
# inurl:/app/web/img/
# inurl:/app/web/upload/files/
