How to Deface: OJS (Open Journals System) PoC - 2019


Hmm

Dork:
• intext:Journal "new submission"
• inurl:/index.php/index/user/register
• intext:about submission "Journal"
• inurl:/index.php/ojs

- Deface script / shell backdoor (.phtml extension)




Dork first.

Pick a site that looks vulnerable.

Fill in the form with real or made-up details, it's up to you.

Don't forget:

Untick all the options as in the screenshot above and tick only Author!
After that, click Save and Continue, or whatever the continue button is :v
You will then be redirected to a dashboard and


After that, look for the text "Start A New Submission".

After that, fill in all the required form fields and click "Save And Continue" right away.

After that there will be an upload form; upload your shell with the .phtml extension.

Because the website I tried this on does not support phtml (the shell is not read), but does accept txt or html, I uploaded an html file!

After uploading the file, the page will look like that; after that, you just need to find the path to your shell.

Explanation:
Filename: 4-4-1-SM.phtml
4 = your user id

Example:
http://site.com/files/journals/1/articles/[iduser]/submission/original/namashellkalian.phtml

which becomes
http://site.com/files/journals/1/articles/4/submission/original/4-4-1-SM.phtml
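
For administrators, an added example (not part of the original post): it audits an OJS files directory for uploads in the path layout shown above whose extensions a web server could execute or render. The extension list and the sample tree are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Extensions a web server may execute or render as active content (assumed list; adjust per server).
RISKY_EXT = {".php", ".phtml", ".php5", ".phar", ".shtml", ".html", ".htm", ".svg"}

# Directory layout shown in the post: journals/<journal>/articles/<id>/submission/original/<file>
SUBMISSION = re.compile(r"(?:^|/)journals/(\d+)/articles/(\d+)/submission/original/([^/]+)$")


def risky_suffixes(name):
    """Return every risky suffix in the name, so 'x.php.txt' is caught as well as 'x.phtml'."""
    return [s.lower() for s in Path(name).suffixes if s.lower() in RISKY_EXT]


def audit_files_dir(files_dir):
    """List author-uploaded submission files whose extension should never be web-served."""
    root = Path(files_dir)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        m = SUBMISSION.search(path.relative_to(root).as_posix())
        if m and risky_suffixes(m.group(3)):
            findings.append({
                "journal": int(m.group(1)),
                "article": int(m.group(2)),
                "file": m.group(3),
                "suffixes": risky_suffixes(m.group(3)),
            })
    return findings


def build_sample_tree(root):
    """Constructed sample data: three uploads under two hypothetical article ids."""
    samples = {
        "journals/1/articles/4/submission/original/4-4-1-SM.phtml": "<?php /* placeholder */ ?>",
        "journals/1/articles/4/submission/original/4-5-1-SM.pdf": "%PDF-",
        "journals/1/articles/7/submission/original/7-9-1-SM.php.txt": "placeholder",
    }
    for rel, body in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in audit_files_dir(tmp):
            print(finding)
```

OJS's `files_dir` setting in `config.inc.php` is meant to point to a directory outside the web root; any finding here that is also reachable by URL means it does not.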

MY RESULT:

LIVE TARGET I USED THIS ON:
http://www.wphes-journal.eu/site/files/journals/1/articles/580/submission/original/580-784-6-SM.html

Feel free to comment if you have any questions, and share this if needed.
