Deface Poc Chamillo LMS 1.11.8 - Arbitrary File Upload
Hai kali ini saya akan memberikan tutorial Deface Poc Chamillo LMS 1.11.8 - Arbitrary File Upload
Metode ini sangat jarang kita dengar,tapi sebenarnya xploit ini udah ada sejak 1 tahun lalu yang di publish di xploitdb
1.dork : "powered by chamilo"
2.vuln jika versi 1.11.8 atau di bawah nya 1.8
Dorking setelah anda dorking cari yang sekiranya vuln
Lalu anda register(explpit) di situs tersebut
Setelah itu upload ektensi php.gif
Kalau belum ada shel nya kalian bisa liat selengkap nya di
bawah
Setelah upload terserah mau kalian apain
# Exploit Title: Chamillo LMS 1.11.8 - Arbitrary File Upload
# Google Dork: "powered by chamilo"
# Date: 2018-10-05
# Exploit Author: Sohel Yousef jellyfish security team
# Software Link: https://chamilo.org/en/download/
# Version: Chamilo 1.11.8 or lower to 1.8
# Category: webapps
# 1. Description
# Any registered user can upload files and rename and change the file type to
# php5 or php7 by ckeditor module in my files section
# register here :
# http://localhost/chamilo//main/auth/inscription.php
# after registration you can view this sections
# http://localhost/chamilo/main/social/myfiles.php
# http://localhost/chamilo/main/inc/lib/elfinder/filemanager.php?&CKEditor=content&CKEditorFuncNum=0
# upload your shell in gif format and then rename the format
# if the rename function was desabled and add this GIF89;aGIF89;aGIF89;a before <?PHP
# to be like this for examlple
SILAHKAN AMBIL CODE NYA :
# and uplaod it as php.gif
# you can browse the files form right click and click on browse option
Referensi : https://chikstech.eu.org
![Cara Hack Facebook Dengan Android [No Root]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1NB8v5rLoh-UFtL0E2K0MMi_GjHdBe3ACmUuVJLgZboaOQ8DNuMlV6JuTPaTWdzEeu0H69cr1qp2fmR7m7D1p04joKHS3Ai7gy-JsxpiyP3b2DZz5Wxddtq2czlo5rAHlDGkVdbPIDx8i/w90-h50-p-k-no-nu/ "Cara Hack Facebook Dengan Android [No Root]"){kind=small}
