IDCA Blog's

Knowledge is Free | We Share To Everywhere

Sunday, July 7, 2013

Exploit FileChucker File Upload Vulnerability

3:59 PM Defacing , 13 Comments
Assalamualaikum...

Menjelang datangnya bulan Ramadhan, sebelumnya saya selaku Admin mohon maaf jika ada salah dan khilaf yah,, mungkin emang saya sengaja maupun tidak :)

Oke, saya lanjut berbagi lagi :) disimak aja ;) yah bisa dah sekedar nambahin unique deface di Arsip :D

Dork :
inurl:/cgi-bin/filechucker.cgi
intext:Toptown File Upload
inurl:/cgi-bin/filechucker.pl
intext:File Upload by Encodable


Ayo mulai :) Silahkan sobat mencari target di google dengan menggunakan Dork diatas..


Disini saya sudah menemukan targetnya, yaitu : http://toptown.co.uk/cgi-bin/filechucker.cgi


Kemudian silahkan sobat isi yang perlu diisi filednya :) dan browse jg file depesan sobat :)



Setelah itu klik Begin Upload.. Nah, tunggu aja hasilnya :)
Note: File yang bisa diupload yaitu .htm, .html, .txt, .jpg, .gif


Dan langsung buka file depesan yg sudah diupload tadi : http://site.com/upload/files/file_mu


Sekian tutorialnya yah,, maaf kalo masih acak2an :) yang penting bisa bermanfaat :)
Wassalam,,

Demo :  
http://exhibitfoundryfiles.com/upload/files/idca.html
http://ableprintingco.com/upload/files/idca.html


http://toptown.co.uk/upload/files/idca.html

Content Creator : Onix AQua



By di
Label:

13 comments:

  1. ElNeuVendettaJuly 7, 2013 at 4:17 PM

    Kalo upload shell.php.jpg pake plugin di mozilla bisa gak?

    ReplyDelete
  2. Ø··ĝŘΔĉİŐ··ØJuly 7, 2013 at 11:14 PM

    Dicoba..... :d

    ReplyDelete
  3. UnknownJuly 11, 2013 at 1:21 AM

    bang kok gk bisa hasilnya malah gini http://www.bellblue.com/cgi-bin/filechucker.cgi?action=uploadcomplete&serial=1b0191f5f4752a6260a4d94fb38b7991e5637d10&numfiles=1&elapsedsecs=6&totalsize=21574&somefileswereblocked=&f1name=densus_3.txt&f1urlpath=%2f&f1size=20638&top_ff_title=Please%20enter%20the%20following%20information%3a&ff01n=Name%3a&ff01v=rizky&ff02n=Company%3a&ff02v=Team%20IDCA&ff03n=Phone%3a&ff03v=085624666022&ff04n=Email%20Address%3a&ff04v=rizkyputra71%40gmail.com&ff05n=File%20Instructions%3a&ff05v=hello%20%3a)%20i'm%20just%20test%20you%20%3aD

    ReplyDelete
  4. UnknownJuly 11, 2013 at 1:23 AM

    kok gini hasinya ? http://www.bellblue.com/upload/files/densus_3.txt

    ReplyDelete
  5. UnknownJuly 31, 2013 at 5:17 AM

    bANG gAN ITU DISITU DISURUH ISI EMAIL,,,,NAH TRUS KALO KETANGKAP POLISI EMAIL KITA GIMANA GAN,,,KAN DILACAK

    ReplyDelete
    Replies
    1. UnknownAugust 10, 2013 at 1:24 AM

      :)) iya gan kwkwkkw dilacak :>),,, klw dah dilacak terus digembok,,, klw dah digembok,, kekunci tuh akun kwkakakakak =))

      #Geli bacanya

      Delete
    2. UnknownAugust 10, 2013 at 1:25 AM

      entar tunggu densus 88 nangkep ente :>)

      Delete
  6. UnknownAugust 5, 2013 at 6:25 AM

    :-d

    ReplyDelete
  7. UnknownAugust 6, 2013 at 8:20 PM

    http://www.victorptg.com/cgi-bin/filechucker.pl?juststatus&serial=b7e9470b76300e33e3ebaca7229ba928a942bd7e

    ReplyDelete
  8. UnknownAugust 10, 2013 at 12:38 PM

    kata admin sits nya ente gk bisa uploud kasihan delooo

    gimana tuh

    ReplyDelete
  9. sobsngans journeyAugust 18, 2013 at 9:00 PM

    Tutornya Berhasil Gan

    8-)

    ReplyDelete
  10. UnknownAugust 21, 2013 at 10:00 PM

    gan, kalau cari target web tertentu gmna gan? kalau misalnya target domain .my gmna?

    ReplyDelete
  11. UnknownNovember 17, 2014 at 1:13 PM

    Bagi Shell nya Um :d Kalo Bisa Shell IDCA :d

    ReplyDelete

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)