CMS Anch Technologies Login Vulnerability UPLOAD SHELL !

===============================
{+} Dork :
  • "Powered by Anch Technologies." (search di browser)


{+} Exploit :
  • /admin
  • Contoh : site.com/admin
{+} Proof Of Concept :


  1. Saat sudah di admin login seperti gambar diatas, masukan
     '=''or' atau ' or 1=1 limit 1 -- -+ pada kolom username dan passwordnya lalu klik login.

  2. Jika sudah di dashboard admin seperti gambar diatas, upload shell / akses pada foto profile admin.

  3. Upload shell dengan ext .php / .phtml
  4. Jika ada gambar rusak, klik kanan lalu
    " Open image in new tab "

  5. Shell sudah ter upload :)

    LIVE TARGET : http://skynetbusinesssolution.com

===============================

Komentar