Deface Metode Admin Mistake

Assalamualaikum Wr Wb
Deface metode Admin Mistake
________________________________________
Deface Metode Ini Cukup Unik,Namanya Juga Admin Mistake Jadi Ga tau Siapa adminya.Kita Ga perlu Login Alias Langsung masuk ke Dashboardnya wkwkwk
================================
Google Dork:intext:delhi site:in
            inurl:/admin/Dashboard.php "Gallery"
            inurl:/admin/Dashboard.php "Viewgallery"
            inurl:/admin/Dashboard.php "addgallery"
            inurl:/admin/Dashboard.php "galleryadd"
            inurl:/admin/Dashboard.php "Galleryview"
            inurl:/admin/Dashboard.php "News"
            inurl:/admin/Dashboard.php "AddNews"
            inurl:/admin/Dashboard.php "viewNews"
            inurl:/admin/Dashboard.php "artickel"
            intext:"username" /admin site:
            inintitle:"administrator" "login" "username" "password"
            inurl:/panel/login.php 'password' site:in
            inurl:/login.php intitle:'login panel' 'password'
            intext:/welcome/Dashboard.php
            intext:/Home/Dashboard.php
            inurl:/admin/Dashboard.php
            inurl:/panel/Dashboard.php
            inurl:/admin/dashboard.php "welcome"
            inurl/admin/dashboard.php "panel"
            inurl:/admin/dashboard.php "logout"
            inurl:/admin/Dashboard.php "home"
            inurl:/admin/dashboard.php site:in
            inurl:/panel/Dashboard.php
            (kembangin lagi biar fresh)
================================
Proof Of Concept:
1.Dorking Di Google Dan Pilih Web Yg Vuln
2.Jika Vuln akan Langsung Masuk Ke Dashboard Admin Tanpa Login

3.Tinggal Up Shell/Script Defacemu:v           

Ga percaya kalo kita bisa masuk tanpa login:v

Nih Demonya gan http://bietn.in/admin/viewslider.php

  Sekian semoga bermanfaat
Wassalamualaikum wr wb
           

Bagikan Artikel ini