Halo Sob Jumpa Lagi dengan saya Ihsan.. Oke Kali ini saya akan Share Cara Deface website OJS ( Open Journal Systems ) ada Yg Tau apa Itu OJS?
OJS Adalah sebuah aplikasi Journal terbuka untuk Management yang biasa di gunakan dalam pemerintah, pendidikan & lembaga lain.
Type : Uploader File Data
Type : Uploader File Data
Dork :
index.php/index/user/register
index/user/register/
user/register
index of files OJS intitle:register
"index of files" "OJS"
"index of files" "journal article"
/ojs/index.php/user/register
/journal/index.php/user/register
"journal" intext:register inurl:user/register site:.id
OpenJournal register "parent directory site:id
OpenJournal register "Index Of" site:id
/files/journals/1/articles "articles" site:id
/files/journals/1/articles "submission" site:id
/files/journals/1/articles "register" site:id
/submission/original/ "OJS"
submission/original/ "OpenJournal"
"parent directory" /files/journals/1/submission
inurl:/user/register/ "e-journal"
/files/journals/1/articles site:id [Search BING]
index of parent directory journal article submission [Search BING + GOOGLE]
OJS "parent directory" site:id [Search BING + GOOGLE]
Vuln : /index.php/index/user/register ( Bisa registrasi )
1. Kamu harus mendaftar dulu disini > site,com/index.php/index/user/register
-Jangan Lupa untuk mencentang Registrasi sebabagi Author / penulis & Jangan ceklis Email konfimasi
2. Setelah Registasi Klik "New Submission"
3. Selesaikan Step 1
4. Di Step 2, kamu dapat upload shell (format shell : a.phtml)
5. Jika sukses maka seperti ini
Penjelasan :
Filename : 4-4-1-SM.phtml
4 = id user kamu
Shell Path :
/files/journals/1/articles/[iduser]/submission/original/[nama file].phtml
Contoh : files/journals/1/articles/4/submission/original/4-4-1-SM.phtml
KOMENTARLAH DENGAN SOPAN :)
MULUTMU HARIMAUMU :)
EmoticonEmoticon