Server Side Include is a web application exploit which give grant us access to upload files remotely to vulnerable sites. File uploading is multi-extension exception is .php,you cannot execute your shell in .php form
First step is finding vulnerable site by GOOGLE/BING DORKS :
inurl:bin/Cklb/
inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=
If the Dorks doesn't work then find the sites manually by the following commands codes :-
Manual Injection:- Put the following codes in field of USERNAME & PASSWORD
IT WILL SHOW DATE
IT WILL SHOW RUNNING USER ON THE SERVER
IN LINUX ONLY
IT WILL SHOW DIRECTORY FILES
WINDOWS ONLY, DISPLAY DIRECTORY FILES
After finding a vulnerable loop in site it's time to upload your deface page or shell.
First find a host provider where you can upload your deface like best one is pastehtml.com
Now enter the following code in USERNAME AND PASSWORD
Then by this code your deface will be be upload to view your deface page go to the http://website.com/deface.html
How to Upload shell in the site-
First Host your shell in .txt format on any site..
Then Enter the following code in login page
Check either your shell.txt is uploaded or not by this code
In File Extension change your shell.txt to shell.php by the help of this command
Now you can access your shell by this link site.com/shell.php -
No comments:
Post a Comment