Defacing Indonesian sites with CKFinder (live target) – Old PoC

🎯 Defacing Indonesian sites with CKFinder – Old PoC

🕶️ Introduction

This one is about CKFinder/CKDrive. Even though it's an old bug, it's still pretty handy for padding the mirror archive. 😆

🔎 Dorks

I usually use these dorks:


  • site:.id inurl:ckfinder.html
  • site:.id inurl:ckfinder
  • site:.id inurl:ckdrive
  • site:.id "ckfinder" "type=Images"

Tweak them to get fresh ones.

Exploit path pattern:
site.co.li/_statics/ckdrive/ckfinder.html

Live target:
https://el-ma-asda.com/__statics/ckdrive/ckfinder.html

Access the uploaded file at:
https://el-ma-asda.com/__statics/gudangsoal/files/s.txt (s.txt is the file name)

Even though you can only upload .txt, that's already enough to add to the mirror list lol

⚡ Things Worth Exploring

  • Upload .html → if it works, go straight to making a custom deface page, proud-newbie style :v.
  • Try a double extension like index.php.txt.
  • Peek at the default folders: /files/, /uploads/, /userfiles/.

🛡️ Mitigation (if I were the admin lol)

Don't just know how to attack, bro. If I were the admin, I would:

  • Shut off public access to ckfinder.html.
  • Make uploads available only to logged-in users.
  • Filter extension & MIME type so stuff can't just waltz in.
  • Move the upload folder well away from the public root.
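As an added defensive example (not code from the original post or from CKFinder itself), here is how an upload handler could enforce the last three points at once: an extension allowlist that also rejects the double-extension trick mentioned above (index.php.txt), a MIME check against both the declared type and the actual bytes, and storage under a random name outside the public root. The allowlist, the /var/app/private_uploads path and the assumption that the user is already authenticated before this runs are all assumptions of the example.

```python
import mimetypes
import os
import pathlib
import secrets

# Allowlist policy (assumed for this example): only the types a "files" area really needs.
ALLOWED_EXTENSIONS = {"txt", "pdf", "jpg", "jpeg", "png"}
ALLOWED_MIME = {"text/plain", "application/pdf", "image/jpeg", "image/png"}
# Segments that must never appear anywhere in a multi-extension name (catches index.php.txt).
DANGEROUS_SEGMENTS = {"php", "phtml", "php3", "php5", "phar", "html", "htm", "js",
                      "svg", "asp", "aspx", "jsp", "cgi", "sh", "exe", "htaccess"}
# Storage location outside the public document root (assumed path the web server never serves).
UPLOAD_ROOT = pathlib.Path("/var/app/private_uploads")

def _looks_like_text(data: bytes) -> bool:
    """Plain text must decode as UTF-8 and contain no NUL bytes."""
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return b"\x00" not in data

def validate_upload(filename: str, declared_mime: str, content: bytes) -> tuple:
    """Return (accepted, reason) for an upload request from an already authenticated user."""
    name = os.path.basename(filename)
    if not name or name != filename or name.startswith("."):
        return False, "path components or hidden names are rejected"
    segments = name.lower().split(".")
    if len(segments) < 2:
        return False, "missing extension"
    if segments[-1] not in ALLOWED_EXTENSIONS:
        return False, f"extension .{segments[-1]} not in allowlist"
    # Every segment after the base name counts as an extension, so index.php.txt fails on "php".
    for seg in segments[1:]:
        if seg in DANGEROUS_SEGMENTS:
            return False, f"dangerous segment .{seg} in filename"
    if declared_mime not in ALLOWED_MIME:
        return False, f"MIME type {declared_mime} not allowed"
    if mimetypes.guess_type(name)[0] != declared_mime:
        return False, "declared MIME type does not match the extension"
    # Cheap content checks: the bytes must agree with what the name claims to be.
    if segments[-1] == "txt" and not _looks_like_text(content):
        return False, "content is not plain text"
    if segments[-1] == "png" and not content.startswith(b"\x89PNG\r\n\x1a\n"):
        return False, "content is not a PNG"
    return True, "ok"

def storage_path(filename: str) -> pathlib.Path:
    """Store under a random name outside the web root; the client-supplied name never touches disk."""
    return UPLOAD_ROOT / f"{secrets.token_hex(16)}.{filename.rsplit('.', 1)[-1].lower()}"
```

With this in place, the .txt upload from the write-up still works for legitimate users, while the .html and index.php.txt attempts from the exploration list are refused before anything is written.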


🧩 Conclusion

This bug might look trivial, but it's decent for adding to your knowledge. From this I understood that defacing isn't just about writing your nickname on a website, it's also about exploring & learning the system behind the scenes. 🔥
