Ok,Sebenarnya ini sudah ada di exploit-id dan web" lainnya.
saya disini hanya menjelaskan beberapa kalimat agar bisa anda mengerti dan anda ketahui,
Ok sekarang Simak Kata ini :
Dork :
1) intitle:Real Estates Property inurl:property_listings_detail.php?listingid=
2) intitle:Real Estates Property inurl:Project-Shree_Balaji_-Ahmedabad-4
3) intitle:Real Estates Property inurl:my_account_edit_builder_project.php?id=
4) intitle:Real Estates Property inurl:my_account_view_builder_project.php?id=
Seperti yang di jelaskan :
Vulnerable Module(s):
[+] Project-Shree_Balaji_-Ahmedabad-4
[+] property_listings_detail.php?listingid=12[
[+] my_account_edit_builder_project.php?id=37%27
[+] my_account_view_builder_project.php?id=37
Introduction:
Real Estate property is an online real-estate service committed to helping you make wise and profitable decisions related to buying, selling, renting and leasing of properties, in India and key global geographies. It will provide a fresh new approach to our esteemed users to search for properties to buy or rent, and list their properties for selling or leasing. (Copy of the Vendor Homepage: http://www.gharwhar.com)
1.3 Arbiritrary File Upload Arbitrary file upload vulnerability allows the attacker to upload different files that aren\\\\\\\'t images or pdf. The attacker can upload these files after, he/she remans them to file.php.jpg. The null byte get truncated and the the file file.php get uploaded
Vulnerable Module(s):
[+] Property Details - uploading propertied photos
[+] add profile photo
seperti yang di jelaskan :
[+] Upload Hanya bisa Image dan pdf (dibuat berbeda contoh : namafile.php.jpg)
[+] Kalau mau upload tinggal cari module seperti yang di atas contoh: add profile photo
(cari add profile photo upload pakai tamper data,live http header)
admin login bisa anda cari sendiri pakai havij / admin finder.
THx To = Author: Vulnerability-Lab & Don Po (Me)
Silahkan artikan sendiri codenya disini : http://www.exploit-id.com/web-applicatio...rabilities
Widgets
Social Links
Search
Popular Posts
-
1.Pertama agan Daftar Dlu di web hosting saran ane sih di idhostinger.com bagus kok 2.kalo sudah anda bikin cpanel la -_- 3.Kalo Sudah anda ...
-
Nih om, Ane Mau Share Sesuai Judul Ya Udah tau film kartun paling fenomenal Spongebob kan? kebangetan kalau gak tau.. ane sendiri juga suk... -
banyak yg suksen gara2 ini loh,.. makanya gabung caranya: Silahkan register gratis di website : Socipoll Login dan edit profile anda lal...
-
Kali ini saya akan membuat artikel mengenai Free Download Games Dishonored Full Version ( PC ) Silahkan liat juga postingan artikel saya s... -
Banyak yang masih bingung tentang cara meng-instal atau memasang Kitserver 13 untuk PES 2013. Berikut saya akan coba untuk mentutorialkannya... -
Dahulu saya sudah pernah share Windows 7 Loader v2.1.0 Daz , berhubung filenya sudah di hapus, maka saya sekalian aja share versi terbaru... -
5 Nama Perusahaan Teknologi yang Selalu Salah Sebut 1. Xiaomi Pertama di list kita ada Xiaomi . Hayo, gimana sih cara kamu menyebutk...
-
Tanggal Rilis : 5 November 2003 (Amerika Serikat) Jenis Film : Action | Adventure | Sci-Fi Diperankan Oleh : Keanu Reeves, Laurence Fishbu...
-
Tanggal Rilis : 18 May 2001 (USA) Jenis Film : Animation | Adventure | Comedy Diperankan Oleh : Mike Myers, Eddie Murphy and Cameron Diaz...
-
Tanggal Rilis : 10 September 2004 (USA) Jenis Film : Crime | Thriller Diperankan Oleh : Kim Basinger, Chris Evans and Jason Statham Ring...
Los Angeles …Look at the site…News about residential income/rental property in Los Angeles.
ReplyDeleteLos Angeles Housing Dept
LAHD
Real estate
Thank you for making the effort and spreading the information with all of us.
ReplyDeleteIt was indeed very useful and informative while being straight forward
and to the point. I have also avail information about the best new project.
Realty Generation
http://www.realtygeneration.com