Assalamualaikum Wr Wb
Deface metode Admin Mistake
________________________________________
Deface Metode Ini Cukup Unik,Namanya Juga Admin Mistake Jadi Ga tau Siapa adminya.Kita Ga perlu Login Alias Langsung masuk ke Dashboardnya wkwkwk
================================
Google Dork:intext:delhi site:in
inurl:/admin/Dashboard.php "Gallery"
inurl:/admin/Dashboard.php "Viewgallery"
inurl:/admin/Dashboard.php "addgallery"
inurl:/admin/Dashboard.php "galleryadd"
inurl:/admin/Dashboard.php "Galleryview"
inurl:/admin/Dashboard.php "News"
inurl:/admin/Dashboard.php "AddNews"
inurl:/admin/Dashboard.php "viewNews"
inurl:/admin/Dashboard.php "artickel"
intext:"username" /admin site:
inintitle:"administrator" "login" "username" "password"
inurl:/panel/login.php 'password' site:in
inurl:/login.php intitle:'login panel' 'password'
intext:/welcome/Dashboard.php
intext:/Home/Dashboard.php
inurl:/admin/Dashboard.php
inurl:/panel/Dashboard.php
inurl:/admin/dashboard.php "welcome"
inurl/admin/dashboard.php "panel"
inurl:/admin/dashboard.php "logout"
inurl:/admin/Dashboard.php "home"
inurl:/admin/dashboard.php site:in
inurl:/panel/Dashboard.php
(kembangin lagi biar fresh)
================================
Proof Of Concept:
1.Dorking Di Google Dan Pilih Web Yg Vuln
2.Jika Vuln akan Langsung Masuk Ke Dashboard Admin Tanpa Login
3.Tinggal Up Shell/Script Defacemu:v
Ga percaya kalo kita bisa masuk tanpa login:v
Nih Demonya gan https://www.tua.university/king-admin/dashboard.php
Sekian semoga bermanfaat
Wassalamualaikum wr wb
