How to Deface: OJS (OPEN JOURNALS SYSTEM) PoC - 2019
Hmm
Dork :
• intext:Journal "new submission"
• inurl:/index.php/index/user/register
• intext:about submission "Journal"
• inurl:/index.php/ojs
- Deface script / backdoor shell (phtml extension)
Dork first
Pick a site that looks vulnerable
Fill in the form properly or with nonsense, it's up to you
Don't forget
Uncheck all the options as in the screenshot above and check only Author!
After that click save continue, or whatever the continue button is :v
you will then be taken to a dashboard and
After that, look for the text "Start A New Submission"
Then fill in all the forms you are asked for and click "Save And Continue" right away
After that there will be an upload form; upload your shell with the phtml extension
Because the website I OJS'd here does not support phtml, or the shell is not read but txt or html are, I uploaded html!
After uploading the file the page will look like that; after that you just need to find the access path to your shell
Explanation:
Filename : 4-4-1-SM.phtml
4 = your user id
Example
http://site.com/files/journals/1/articles/[iduser]/submission/original/namashellkalian.phtml
which becomes
http://site.com/files/journals/1/articles/4/submission/original/4-4-1-SM.phtml
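The same path layout from the defender's side, as an added example that is not part of the original post: it scans web-server access logs for direct HTTP requests to OJS submission uploads, which should never be answered when the `files_dir` set in `config.inc.php` sits outside the web root. The log lines, extension sets and severity labels are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Layout from the post: .../files/journals/<j>/articles/<id>/submission/original/<file>
UPLOAD_RE = re.compile(r"/files/journals/(\d+)/articles/(?P<dir_id>\d+)"
                       r"/submission/original/(?P<name>[^/]+)$")
NAME_RE = re.compile(r"^\d+-\d+-\d+-SM\.\w+$")      # e.g. 4-4-1-SM.phtml
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
SCRIPT_EXT = {"php", "phtml", "pht", "phar", "php5", "php7"}  # may run server-side
MARKUP_EXT = {"html", "htm", "xhtml", "shtml", "svg"}         # rendered by browsers

def classify(line):
    """Return a finding for a request to an uploaded submission file, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Drop the query string and decode %-escapes before matching the path.
    hit = UPLOAD_RE.search(unquote(urlsplit(m["target"]).path))
    if not hit:
        return None
    ext = hit["name"].rpartition(".")[2].lower()
    if m["status"] not in ("200", "206", "304"):
        severity = "probe"      # not served: denied or not found
    elif ext in SCRIPT_EXT:
        severity = "critical"   # script-type upload served from the web root
    elif ext in MARKUP_EXT:
        severity = "high"       # uploaded page served from the journal's origin
    else:
        severity = "exposed"    # any success here means files_dir is web-reachable
    return {"ip": m["ip"], "dir_id": hit["dir_id"], "file": hit["name"],
            "ojs_name": bool(NAME_RE.match(hit["name"])), "severity": severity}

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2019:10:01:02 +0000] "GET /files/journals/1/articles/4/submission/original/4-4-1-SM.phtml HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2019:10:02:10 +0000] "GET /site/files/journals/1/articles/9/submission/original/9-12-1-SM.html?x=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [12/Mar/2019:10:03:00 +0000] "GET /index.php/index/user/register HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2019:10:04:00 +0000] "GET /files/journals/1/articles/4/submission/original/4-5-1-SM.pdf HTTP/1.1" 403 199 "-" "curl/7.64"',
    '198.51.100.9 - - [12/Mar/2019:10:05:00 +0000] "GET /files/journals/2/articles/7/submission/original/7-8-1-SM.docx HTTP/1.1" 200 30000 "-" "curl/7.64"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any finding other than `probe` means uploaded submissions are being served straight from disk; moving `files_dir` outside the document root removes the whole path.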
MY RESULT:
LIVE TARGET THAT I OJS'D:
http://www.wphes-journal.eu/site/files/journals/1/articles/580/submission/original/580-784-6-SM.html
Please comment if you have any questions, and share if needed..