Cara senang untuk deface menggunakan FCKedtior
1. Korang kene ade deface sendiri. Korang leh buat menggunakan notepad.txt dan save as (Namakorang).html
p/s : xtw mcm mna coding html? korg prgi kt website yg kna deface tu.. click kanan.. save page as.. pastu, korg cari file yg korg save tu.. edit file .html tu guna notepad.. SIAP!
2. okey skrg, time kita nk cari website yg ad vuln(vulnerability).. kwn baik utk hacker ialah Mr. Google..
) so skrg, bka google.com dan search guna dork nie :Powered by OpenCart site:.com
3. korg akn kmpa beratus even berribu website yg ad dork spt diatas.. TAPI! bkan smua vuln.. website yg vuln adlah website yg belum di-patch oleh admin website tu.. so korg kn "ETHICAL HACKER".. so korg bg la admin tu warning sikit utk patch website diorg dgn deface website mereka
4. pilih salah satu list yg kluar dkat google tu..
contoh website ak plih :
http://www.inputandanalysis.com/
5. skrg korg tmbah exploit dkat akhir website tu..
exploit :
/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
6. website korg ak jd spt ni:
http://www.inputandanalysis.com/admin/vi.../test.html
7. ganti connector : ASP ke PHP , pilih file , then upload..
8. lpas upload website akn kluar pop up.. "file upload with no error" .. n itu mnunjukkn yg korg dh bjaya upload deface website kt website tu.. tp kdg2, dy akn kluar popup "file upload with no error" jg, tp sbnrnya.. website tu ad error utk move korg pnya deface website tu.. so, korg xyah la tggu lg nk upload kt website tu..
9. LAST STEP : tgk defaced website korg..
td korg pnya url mcm nie :
http://www.inputandanalysis.com/admin/vi.../test.html
skrg buang korg pnya exploit n tambah dgn korg pnya .html extension yg korg upload..
http://www.inputandanalysis.com/Hello.html
