Sunday, 22 June 2014

Shop737 - File Upload Vulnerabilities



Finding a Vulnerable Target

Dork: intext:"Powered by Shop737"

1- Copy and paste this dork into Google.

2- Choose any site as your target.

3- Once you click on your target, you will see something like this:




Exploiting the Target

1- To enable upload mode, you need to change the website URL slightly.

Change index.php to upload.php


Example:

http://asdijateng.org/poto/index.php?

to

http://asdijateng.org/poto/upload.php


Hit Enter and you will get an admin login prompt:





2- Enter the username and password below:

User Name : admin
Password : admin


3- After you click Log In, you will get something like this:



4- As you can see, there is a "Buat kategori baru:" field. Fill it in with any new category name you like :)

Below it there is "Keterangan kategori:". Leave that empty and click the "Buat Kategori" button.





5- Or you can simply browse to your file and click upload.

6- If your file is successfully uploaded, it will be in the directory /poto/[category_name]/yourfile.txt

Example:
www.site.com/poto/kd.txt
www.site.com/poto/bcc/kd.txt
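
From the site owner's side, the steps above leave a recognisable trail in the web server's access log: a POST to upload.php followed by a request from the same client for a non-image file under the gallery directory. The Python script below is an added example, not part of the original post; the Apache combined log format, the image-extension allowlist, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not from a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [22/Jun/2014:10:00:01 +0000] "GET /poto/index.php? HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Jun/2014:10:00:09 +0000] "GET /poto/upload.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Jun/2014:10:00:30 +0000] "POST /poto/upload.php HTTP/1.1" 200 1400 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Jun/2014:10:00:41 +0000] "GET /poto/bcc/kd.txt HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Jun/2014:10:02:00 +0000] "GET /poto/bcc/photo1.jpg HTTP/1.1" 200 40960 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Jun/2014:10:02:05 +0000] "GET /poto/kd.txt HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

# Captures client IP, method, URL and status from a combined-format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: the gallery should serve only images and the two scripts named in the post.
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")
KNOWN_SCRIPTS = {"index.php", "upload.php"}


def find_suspicious_uploads(log_text, gallery="/poto/"):
    """Return {client_ip: [paths]} for clients that POSTed to upload.php and
    afterwards fetched a file under the gallery that is not an image."""
    posted = set()              # clients with a successful POST to upload.php
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, url, status = m.groups()
        path = url.split("?", 1)[0]          # drop the query string
        if not path.startswith(gallery):
            continue
        name = path.rsplit("/", 1)[-1].lower()
        if method == "POST" and name == "upload.php" and status.startswith("2"):
            posted.add(ip)
        elif ip in posted and method == "GET" and status == "200":
            if "." in name and name not in KNOWN_SCRIPTS and not name.endswith(IMAGE_EXT):
                hits[ip].append(path)
    return dict(hits)


if __name__ == "__main__":
    for ip, paths in find_suspicious_uploads(SAMPLE_LOG).items():
        print(ip, "uploaded and fetched:", ", ".join(paths))
```

A hit here also means the admin/admin login from step 2 was still in place, so changing that password and restricting access to upload.php are the first fixes.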