Cara Deface Poc OJS (OPEN JOURNALS SYSTEM) - 2019

Author - personlove$pecial
June 28, 2019
6
Cara Deface Poc OJS (OPEN JOURNALS SYSTEM) - 2019

Hmm

Dork :
• intext:Journal "new submission"
 • inurl:/index.php/index/user/register
 • intext:about submission "Journal"
  • inurl:/index.php/ojs

-Script Deface / Shell Backdoor (extensi phtml)




Dorking Doeloe

Pilih web yg sekiranya vuln



Isi formulir dgn benar/ngawur terserah anda

Jgn lupa

Uncontreng semua pilihan seperti di ss diatas dan contreng yg hanya author!
setelah itu klik save continue atau apalah yg continue:v
nanti bakal diarahkan kesebuah dashboard dan


Setelah itu cari tulisan "Start A New Submission"



Setelah itu isi semua formulir yg disuruh dan langsung klik "Save And Continue"

Setelah itu akan ada form upload dan upload shell kalian dgn extensi phtml


Karna disini website yg saya ojs tidak support phtml atau tidak terbaca shell tapi txt atau html maka saya upload html!

Setelah upload file maka tampilan akan seprti itu setelah itu tinggal cari akses shell kalian

Penjelasan :
Filename : 4-4-1-SM.phtml
4 = id user kamu

Contoh
http://site.com/files/journals/1/articles/[iduser]/submission/original/namashellkalian.phtml

jadinya
http://site.com/files/journals/1/articles/4/submission/original/4-4-1-SM.phtml

HASIL SAYA:

LIVE TARGET YG SAYA OJS :
http://www.wphes-journal.eu/site/files/journals/1/articles/580/submission/original/580-784-6-SM.html

Silahkan Comment Apabila Ada Yg Ditanyakan Dan Juga Di Share Apabila Diperlukan..

Tags
love$pecial

love$pecial

just sharing up today not sciencist im just n00b searchers.

    You may like these posts

    Show more

    Post a Comment

    6Comments

    Berkomentar dengan bijak dan sopan adalah salah satu cara agar cepat direspon oleh admin

    1. amnaApril 2, 2020 at 3:44 AM

      The speed at which your site loads is very important. Firstly, a fast loading site will have your readers stick around longer. Joomla Web Support

      ReplyDelete
    2. M. TahaAugust 19, 2020 at 10:55 PM

      Thanks for posting this info. I just want to let you know that I just check out your site and I find it very interesting and informative. I can't wait to read lots of your posts. Vancouver SEO Company

      ReplyDelete
    3. zakkiduaOctober 6, 2020 at 8:39 AM

      Along these lines, on the off chance that you need to err on the side of caution, you might need to recruit the administrations of an expert drywallers.io

      ReplyDelete
    4. miracle springApril 29, 2021 at 12:44 PM

      Merely a smiling visitant here to share the love (:, btw outstanding style. Best SEO Services In Pakistan

      ReplyDelete
    5. AUTMNSeptember 9, 2021 at 9:16 AM

      Good artcile, but it would be better if in future you can share more about this subject. Keep posting. textbook answers

      ReplyDelete
    6. riderOctober 26, 2021 at 12:54 PM

      Fabulous post, you have denoted out some fantastic points, I likewise think this s a very wonderful website. I will visit again for more quality contents and also, recommend this site to all. Thanks. 토토커뮤니티

      ReplyDelete
    Post a Comment
    Share to other apps
    Copy Post Link