How are you guys? I hope you are fine there and can survive this pandemic. This is my 2nd write-up about my bug bounty journey… Let's go!
Before we go any further, it helps to know what a file manager is. A file manager is a piece of software that provides an interface for working with file systems. It handles file management: creating, opening, editing, viewing, renaming, moving, copying, deleting and searching files, and changing file permissions.
Initially I wanted to find an online class at one of the biggest coding bootcamp websites in Indonesia. We can call it redacted.com. Somehow the bug I found was also, accidentally, the same as before -_-.
I was just doing recon with Wappalyzer and DirBuster. I found something special in the Wappalyzer result: redacted.com uses Laravel as its back-end framework. I have experience with this framework and I know one exploit that is possible with it. Yes… PHPUnit RCE. But unluckily, I checked the vendor and they don't use PHPUnit.
I continued my recon by fuzzing the directories with DirBuster. Hmm… can you see the suspicious directory? Yes… filemanager xD. I tried to open it on the web but it returned me to the login page -_-. Wait… returned? That means the directory does exist! I logged in with my old account and tried to open the filemanager again and BOOOM!
I immediately tried to upload a .php backdoor directly but failed. On the second attempt I tried to upload a .jpg and changed the file content and file extension with Burp Suite.
WOW, my .php file was uploaded successfully! I opened it quickly to get my bind shell, and I got the SSH keys and database configuration.
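A server-side check that closes the gap described above, where the extension and content were changed after the first check, shown as an added example that is not part of the original write-up or the site's code. The helper name `safeUploadName` and the allowlist are assumptions, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Allowlist: MIME type detected from the bytes => extension the server assigns.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

/**
 * Hypothetical helper: validate an upload and return the name to store it under.
 * $clientName comes from the request, so it is checked but never used for storage.
 */
function safeUploadName(string $bytes, string $clientName): string
{
    // Detect the type from the content, not from the Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('content type not allowed');
    }
    // The extension in the request must agree with what the bytes are.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if ($ext !== ALLOWED_TYPES[$mime]) {
        throw new RuntimeException('extension does not match content');
    }
    // Content sniffing alone is not enough, so the stored name is random and
    // its extension comes from the allowlist, never from the request.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Constructed sample inputs: a minimal PNG header and a short PHP source string.
$png = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . str_repeat("\x00", 17);
$samples = [
    ['photo.png', $png],              // accepted
    ['photo.php', $png],              // image bytes, extension changed in transit
    ['photo.jpg', '<?php echo 1;'],   // script content under an image name
];
foreach ($samples as [$name, $bytes]) {
    try {
        echo $name, ' -> stored as ', safeUploadName($bytes, $name), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $name, ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Store the returned name outside the web root, or in a directory where the web server is configured not to execute PHP, so that a file that slips through is still served as data.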