Maaf, situs ini tidak berfungsi dengan baik tanpa JavaScript.

[POC] Vulnerability Simplicity Of Upload

Oleh chmood

Selasa, September 01, 2015 Rabu, September 02, 2015

Assalamualaikum sahabat T.I Sniper

Sudah lama gak posting di sini, kali ini masih seputar DEFACE WEBSITE aja lah hehe.

Sesuai judul di atas, mari kita bahas bersama aja

Simplycity Of Upload, terdengar sangat hebat bukan ? haha.

Mendapatkan ini selal tidak sengaja, karena saya hanya memakai dork yang lumanyun.

#Step 1:

Dork: “Powered By: © Simplicity oF Upload”

#Step 2:

Exploit: http://[situstargetkamu]/PATH/upload.php

*Tergantung dengan target.

#Step 3:

Allowed file: gif, jpg, png, txt, php, asp, cgi, zip, exe, mp3, etc (not allowed for html)

#Step 4:

Preview: http://[situstargetkamu]/upload/[Your File]

#Step 5: Live Demo:

http://www.railfaneurope.net/pix/upload.php

http://www.formplas.com/upload/upload.php

*Di google masih banyak kok

Nah, saya kira cukup segitu aja kok, karena mudah tuh tutorial nya.

Kalau masih ada yang bingung ? komen aja, nanti langsung saya bales

Keep spirit brothers.

Sekian dulu ya, semoga berhasil semua

Wassalamualaikum..

Category

Postingan Lebih Baru Postingan Lama


      <!-- Yandex.RTB R-A-4210410-1 -->
<script>
window.yaContextCb.push(()=>{
	Ya.Context.AdvManager.render({
		"blockId": "R-A-4210410-1",
		"type": "topAd"
	})
})
</script>
      <!-- Yandex.Metrika counter -->
<script type="text/javascript" >
   (function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||[]).push(arguments)};
   m[i].l=1*new Date();
   for (var j = 0; j < document.scripts.length; j++) {if (document.scripts[j].src === r) { return; }}
   k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)})
   (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym");

   ym(98340032, "init", {
        clickmap:true,
        trackLinks:true,
        accurateTrackBounce:true,
        webvisor:true
   });
</script>
<noscript><div><img src="https://mc.yandex.ru/watch/98340032" style="position:absolute; left:-9999px;" alt="" /></div></noscript>
<!-- /Yandex.Metrika counter -->
    
<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/1926661341-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY78b9Td_DcGMMTEAhZna9ceQGezHQ:1729567084226';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d6591049221521879804','//www.75n1.net/2015/09/poc-vulnerability-simplicity-of-upload.html','6591049221521879804');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '6591049221521879804', 'title': 'Artificial Intelligence', 'url': 'https://www.75n1.net/2015/09/poc-vulnerability-simplicity-of-upload.html', 'canonicalUrl': 'https://www.75n1.net/2015/09/poc-vulnerability-simplicity-of-upload.html', 'homepageUrl': 'https://www.75n1.net/', 'searchUrl': 'https://www.75n1.net/search', 'canonicalHomepageUrl': 'https://www.75n1.net/', 'blogspotFaviconUrl': 'https://www.75n1.net/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': true, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'G-5BKSEB8T0Z', 'analytics4': true, 'encoding': 'UTF-8', 'locale': 'id', 'localeUnderscoreDelimited': 'id', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Artificial Intelligence - Atom\x22 href\x3d\x22https://www.75n1.net/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Artificial Intelligence - RSS\x22 href\x3d\x22https://www.75n1.net/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Artificial Intelligence - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/6591049221521879804/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Artificial Intelligence - Atom\x22 href\x3d\x22https://www.75n1.net/feeds/1243401757670182803/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseClientId': 'ca-pub-6383524082178772', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/89d9ab82ea562629', 'plusOneApiSrc': 'https://apis.google.com/js/platform.js', 'disableGComments': true, 'interstitialAccepted': false, 'sharing': {'platforms': [{'name': 'Dapatkan link', 'key': 'link', 'shareMessage': 'Dapatkan link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Bagikan ke Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Bagikan ke Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Bagikan ke Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27id\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': true, 'jumpLinkMessage': 'Lihat Selengkapnya', 'pageType': 'item', 'postId': '1243401757670182803', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWSI62hsohDX7A25aK-kL9x4uDEgxiHSUTDBMsxVIGW7MyyDbxdzEvyv5rWMUhLDoMFiydTy_F1mkDTfotNvO4IAZ7XkmSJr-__IuJRKkYLKxQhiWGO5-LSX_5a5mkUxfVAVlC_4kMeNG6/s72-c/11807610_1649195318651250_1107698346739691199_o.jpg', 'postImageUrl': 'http://s.w.org/images/core/emoji/72x72/1f600.png', 'pageName': '[POC] Vulnerability Simplicity Of Upload', 'pageTitle': 'Artificial Intelligence: [POC] Vulnerability Simplicity Of Upload', 'metaDescription': ''}}, {'name': 'features', 'data': {}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Tautan disalin ke papan klip!', 'ok': 'Oke', 'postLink': 'Tautan Pos'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Khusus', 'isResponsive': true, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': '[POC] Vulnerability Simplicity Of Upload', 'description': '#Artificial Intelligence\n#Ai #Computer Science #bisnisonline #businessman #Download #technology #free dollar #business every day #motivation', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tWHRWtKxkGAzBFTzac_h9CdgjQ9097iZoA3AHNXnUJKEvtv9mh43dous194iprOsMJN57l9HmOU0EQuyhhuidtp6xFYKuaHrK8Bakgjiv-1JTQEg', 'url': 'https://www.75n1.net/2015/09/poc-vulnerability-simplicity-of-upload.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 1243401757670182803}}, {'name': 'widgets', 'data': [{'title': 'JavaScript Variables', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList995'}, {'title': 'CSS Options', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList996'}, {'title': 'Custom SVG Icons', 'type': 'LinkList', 'sectionId': 'elcreative_panel_top', 'id': 'LinkList998'}, {'title': 'Custom SVG Pack (SVG Sprites)', 'type': 'HTML', 'sectionId': 'elcreative_panel_top', 'id': 'HTML994'}, {'title': 'Artificial Intelligence (Header)', 'type': 'Header', 'sectionId': 'section_app_bar', 'id': 'Header1'}, {'title': 'Tabbed Menu', 'type': 'PageList', 'sectionId': 'section_tabbed_menu', 'id': 'PageList998'}, {'title': 'Navigation Drawer Menu', 'type': 'LinkList', 'sectionId': 'section_navigation', 'id': 'LinkList999'}, {'title': 'More Menu', 'type': 'PageList', 'sectionId': 'section_navigation', 'id': 'PageList999'}, {'title': 'elcreativeCarousel', 'type': 'LinkList', 'sectionId': 'section_main_top_widget', 'id': 'LinkList2'}, {'title': 'elcreativeTicker', 'type': 'LinkList', 'sectionId': 'section_main_top_widget', 'id': 'LinkList8'}, {'title': 'elcreativeGrid', 'type': 'LinkList', 'sectionId': 'section_main_top_widget', 'id': 'LinkList3'}, {'title': 'Posts Label Search Description', 'type': 'LinkList', 'sectionId': 'section_main_widget', 'id': 'LinkList997'}, {'title': 'Post Ad Slot (Top)', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML996'}, {'title': 'Postingan Blog', 'type': 'Blog', 'sectionId': 'section_main_widget', 'id': 'Blog1', 'posts': [{'id': '1243401757670182803', 'title': '[POC] Vulnerability Simplicity Of Upload', 'featuredImage': 'https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tWHRWtKxkGAzBFTzac_h9CdgjQ9097iZoA3AHNXnUJKEvtv9mh43dous194iprOsMJN57l9HmOU0EQuyhhuidtp6xFYKuaHrK8Bakgjiv-1JTQEg', 'showInlineAds': false}], 'footerBylines': [{'regionName': 'footer1', 'items': [{'name': 'author', 'label': 'Oleh'}, {'name': 'timestamp', 'label': ''}, {'name': 'comments', 'label': 'Komentar'}, {'name': 'share', 'label': ''}]}, {'regionName': 'footer2', 'items': [{'name': 'labels', 'label': 'Category'}]}], 'allBylineItems': [{'name': 'author', 'label': 'Oleh'}, {'name': 'timestamp', 'label': ''}, {'name': 'comments', 'label': 'Komentar'}, {'name': 'share', 'label': ''}, {'name': 'labels', 'label': 'Category'}]}, {'title': 'Between Post Ad Slot', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML995'}, {'title': 'Post Ad Slot (Bottom)', 'type': 'HTML', 'sectionId': 'section_main_widget', 'id': 'HTML997'}, {'title': '', 'type': 'HTML', 'sectionId': 'section_main_bottom_widget', 'id': 'HTML4'}, {'title': 'elcreativeBlockHero', 'type': 'LinkList', 'sectionId': 'section_main_bottom_widget', 'id': 'LinkList5'}, {'title': 'elcreativeBlockFooter', 'type': 'LinkList', 'sectionId': 'section_main_bottom_widget', 'id': 'LinkList7'}, {'title': '', 'type': 'HTML', 'sectionId': 'section_main_bottom_widget', 'id': 'HTML3'}, {'title': '', 'type': 'HTML', 'sectionId': 'section_main_bottom_widget', 'id': 'HTML7'}, {'title': 'elcreativeSocial', 'type': 'LinkList', 'sectionId': 'section_aside_widget', 'id': 'LinkList1'}, {'title': 'Label', 'type': 'Label', 'sectionId': 'section_aside_widget', 'id': 'Label2'}, {'title': '', 'type': 'HTML', 'sectionId': 'section_aside_widget', 'id': 'HTML5'}, {'title': 'Translate', 'type': 'Translate', 'sectionId': 'section_aside_widget', 'id': 'Translate1'}, {'title': '', 'type': 'HTML', 'sectionId': 'section_aside_widget', 'id': 'HTML2'}, {'title': 'Custom Vanilla JavaScript', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML998'}, {'title': 'Custom jQuery Script', 'type': 'HTML', 'sectionId': 'elcreative_panel_bottom', 'id': 'HTML999'}, {'title': 'Formulir Kontak', 'type': 'ContactForm', 'sectionId': 'hidden', 'id': 'ContactForm1'}]}]);
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList995', 'elcreative_panel_top', document.getElementById('LinkList995'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList996', 'elcreative_panel_top', document.getElementById('LinkList996'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList998', 'elcreative_panel_top', document.getElementById('LinkList998'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML994', 'elcreative_panel_top', document.getElementById('HTML994'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HeaderView', new _WidgetInfo('Header1', 'section_app_bar', document.getElementById('Header1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PageListView', new _WidgetInfo('PageList998', 'section_tabbed_menu', document.getElementById('PageList998'), {'title': 'Tabbed Menu', 'links': [{'isCurrentPage': false, 'href': 'https://www.75n1.net/p/base64decoder.html', 'id': '6407441315930087835', 'title': 'Base64 \ud83d\udcda'}, {'isCurrentPage': false, 'href': 'https://www.75n1.net/p/code-editor.html', 'id': '331371775859877782', 'title': 'Code Editor \ud83d\udcdc'}, {'isCurrentPage': false, 'href': 'https://www.75n1.net/2021/12/CARA-MEMBUAT-TULISAN-TERBALIK.html', 'title': 'inverted text \ud83d\udcd1'}, {'isCurrentPage': false, 'href': 'https://www.75n1.net/p/qr-code-generator.html', 'id': '4722439590405932994', 'title': 'QRCode \u2623\ufe0f'}, {'isCurrentPage': false, 'href': 'https://www.75n1.net/p/parse-html.html', 'id': '8422065779159790658', 'title': 'HtmlConverter \ud83d\udce4'}, {'isCurrentPage': false, 'href': 'https://www.75n1.net/p/css-minifier.html', 'id': '5995251996836083389', 'title': 'Css \ud83d\udcc1'}, {'isCurrentPage': false, 'href': 'https://www.75n1.net/p/safelink.html', 'id': '8181221907554212794', 'title': 'Safelink \u2622\ufe0f'}, {'isCurrentPage': false, 'href': 'https://www.75n1.net/p/calculator.html', 'id': '2429495153137469471', 'title': 'CalLoan \u2328\ufe0f'}], 'mobile': false, 'showPlaceholder': true, 'hasCurrentPage': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList999', 'section_navigation', document.getElementById('LinkList999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_PageListView', new _WidgetInfo('PageList999', 'section_navigation', document.getElementById('PageList999'), {'title': 'More Menu', 'links': [{'isCurrentPage': false, 'href': 'http://www.75n1.net/', 'title': '\ud83d\udcf6Beranda'}, {'isCurrentPage': false, 'href': 'https://www.75n1.net/p/dashboard.html', 'id': '6480565890879288711', 'title': '\ud83c\udd95Login'}, {'isCurrentPage': false, 'href': 'https://www.75n1.net/p/contact-support.html', 'id': '528839158299513358', 'title': '\ud83d\udce9Contact Support'}], 'mobile': false, 'showPlaceholder': true, 'hasCurrentPage': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList2', 'section_main_top_widget', document.getElementById('LinkList2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList8', 'section_main_top_widget', document.getElementById('LinkList8'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList3', 'section_main_top_widget', document.getElementById('LinkList3'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList997', 'section_main_widget', document.getElementById('LinkList997'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML996', 'section_main_widget', document.getElementById('HTML996'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'section_main_widget', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false, 'lightboxEnabled': true, 'lightboxModuleUrl': 'https://www.blogger.com/static/v1/jsbin/832967572-lbx.js', 'lightboxCssUrl': 'https://www.blogger.com/static/v1/v-css/13464135-lightbox_bundle.css'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML995', 'section_main_widget', document.getElementById('HTML995'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML997', 'section_main_widget', document.getElementById('HTML997'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML4', 'section_main_bottom_widget', document.getElementById('HTML4'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList5', 'section_main_bottom_widget', document.getElementById('LinkList5'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList7', 'section_main_bottom_widget', document.getElementById('LinkList7'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML3', 'section_main_bottom_widget', document.getElementById('HTML3'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML7', 'section_main_bottom_widget', document.getElementById('HTML7'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LinkListView', new _WidgetInfo('LinkList1', 'section_aside_widget', document.getElementById('LinkList1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_LabelView', new _WidgetInfo('Label2', 'section_aside_widget', document.getElementById('Label2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML5', 'section_aside_widget', document.getElementById('HTML5'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_TranslateView', new _WidgetInfo('Translate1', 'section_aside_widget', document.getElementById('Translate1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML2', 'section_aside_widget', document.getElementById('HTML2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML998', 'elcreative_panel_bottom', document.getElementById('HTML998'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML999', 'elcreative_panel_bottom', document.getElementById('HTML999'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_ContactFormView', new _WidgetInfo('ContactForm1', 'hidden', document.getElementById('ContactForm1'), {'contactFormMessageSendingMsg': 'Mengirim...', 'contactFormMessageSentMsg': 'Pesan sudah dikirim.', 'contactFormMessageNotSentMsg': 'Pesan tidak dapat dikirim. Coba lagi nanti.', 'contactFormInvalidEmailMsg': 'Alamat email harus valid.', 'contactFormEmptyMessageMsg': 'Bidang pesan harus diisi.', 'title': 'Formulir Kontak', 'blogId': '6591049221521879804', 'contactFormNameMsg': 'Nama', 'contactFormEmailMsg': 'Email', 'contactFormMessageMsg': 'Pesan', 'contactFormSendMsg': 'Kirim', 'contactFormToken': 'AOuZoY5JtYj1CZq6fZB28p7B3dc-Xj2gmg:1729567084227', 'submitUrl': 'https://www.blogger.com/contact-form.do'}, 'displayModeFull'));
</script>
</body>
<!-- Google Tag Manager (noscript) -->
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WF7BMJJ"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<!-- End Google Tag Manager (noscript) -->