Cara Deface Poc OJS (Open Journal System)
admin
---
Halo sobat pada peluang kali ini saya akan membagikan cara deface poc ojs ok langsung aja.
#Dork
index.php/index/user/register
index/user/register/
user/register
index of files OJS intitle:register
“index of files” “OJS”
“index of files” “journal article”
/ojs/index.php/user/register
/journal/index.php/user/register
“journal” intext:register inurl:user/register site:.id
OpenJournal register “parent directory site:id
OpenJournal register “Index Of” site:id
/files/journals/1/articles “articles” site:id
/files/journals/1/articles “submission” site:id
/files/journals/1/articles “register” site:id
/submission/original/ “OJS”
submission/original/ “OpenJournal”
“parent directory” /files/journals/1/submission
inurl:/user/register/ “e-journal”
/files/journals/1/articles site:id *selebihnya use you brain
-Exploit
/index.php/index/user/register
/index.php/frontpage/register
/index.php/wphes/user/register
#Exploit Cek Vuln
/assets/files/
/files/
/file/repository/
1. Mencari Website Dengan Dork
2. Cek Website Apakah Website Tersebut Vuln
Jika tampilan nya seperti itu maka website tersebut vuln, dan bisa langsung di eksekusi.
3. Register Pengguna
Isi formulir yang ada tanda bintang atau "*"
Centang kolom penulis
3. Masukan Penyerahan Naskah Baru
4. Check List Semua Naskah
5. Upload File Deface/ Shell
Nah terdapat formulir upload, kalian upload file Deface ataupun Shell dengan Ext Shell.phtml jika script itu html.
Jika sudah upload maka akan di berikan informasi file seperti ini
perhatikan nama file 767-2587-1-SM.html
Penjelasan :
Filename : 572-2146-1-SM.html
572 = id user kamu
script shell patch
http://www.contoh.com/files/journals/1/articles/[iduser]/submission/original/[nama file].phtml
Contoh : files/journals/1/articles/572/submission/original/572-2146-1-SM.html
Hasilnya :
Sekian Itu dia artikel cara deface poc open journal system atau ojs
Posting Komentar
Posting Komentar