Deface Website WordPress Theme U-Design Arbitrary File Upload Vulnerability
===================================================================
== Dork : inurl:/wp-content/themes/u-design/ ==
== inurl:/wp-content/themes/u-design/options/ ==
== inurl:/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php ==
== Exploit : /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php ==
== CSRF : Here (Online) By Drach Levia ==
== Shell : Find one yourself on Google :v (IndoXploit shell recommended) ==
===================================================================
Proof Of Concept :
1. Dork using the dorks above !!! Study them and develop them further -_- !!!
2. Once you have found a site, enter the exploit path. Example : www.bechy.com/[path]/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php
3. Now, this is the step that decides whether it works :v. If the page is blank, it is vulnerable (you are lucky), but if it is not blank, or it says Not Found / Error 404, find another target, don't give up :v stay motivated
4. Enter your target URL into the online CSRF tool from before, for Post Name choose Filedata, click Next, then upload your shell with Submit.
5. If it is vulnerable/successful, the output shows the number "1" (without the quotes). If it didn't work, find another one :V Stay motivated. Don't give up.
6. Then, to access the shell we uploaded: www.bechy.com/shellku.php
7. Done. Go ahead and poke around.
Thanks to : sasrgrup
Repost : Mr.Bechy
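For a site owner or defender, the sequence described in the steps above (a probe of uploadify.php, a POST to it that returns 200 with a tiny "1" body, then a request for a freshly dropped .php file) is what to look for in web server access logs. The following is an added detection example, not part of the original post and not code from the U-Design theme or WordPress: it parses Combined Log Format lines and reports, per source IP, probes of the uploadify.php path, successful POSTs to it, and any later 200-response .php request from the same IP. The log lines, IP addresses and timestamps are constructed for the example; the uploadify.php path and the shellku.php name come from the post above.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Apache/nginx Combined Log Format).
# These are NOT real traffic; the IPs are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 1 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:45 +0000] "GET /shellku.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:14:01:02 +0000] "GET /wp-content/themes/u-design/style.css HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:05:10 +0000] "GET /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php HTTP/1.1" 404 231 "-" "curl/7.88"
"""

# Minimal Combined Log Format parser: client IP, timestamp, method, path, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Path suffix of the upload handler named in the post above.
UPLOADIFY_PATH = "/scripts/admin/uploadify/uploadify.php"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def detect_uploadify_abuse(log_text):
    """Return {ip: {"probes", "uploads", "followup_php"}} for IPs that touched uploadify.php.

    probes        - any request to the uploadify path that is not a successful POST
    uploads       - POST requests to the uploadify path answered with HTTP 200
    followup_php  - .php paths served with 200 to an IP *after* it got a successful POST
                    (a crude heuristic for a dropped web shell being fetched)
    """
    findings = defaultdict(lambda: {"probes": 0, "uploads": 0, "followup_php": []})
    uploaded_from = set()  # IPs that have already had a 200 POST to uploadify.php

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip = rec["ip"]
        path = rec["path"].split("?", 1)[0]  # drop any query string

        if path.endswith(UPLOADIFY_PATH):
            if rec["method"] == "POST" and rec["status"] == 200:
                findings[ip]["uploads"] += 1
                uploaded_from.add(ip)
            else:
                findings[ip]["probes"] += 1
        elif ip in uploaded_from and path.lower().endswith(".php") and rec["status"] == 200:
            findings[ip]["followup_php"].append(path)

    return dict(findings)


def high_confidence_ips(findings):
    """IPs with a successful upload POST, sorted; these warrant immediate review."""
    return sorted(ip for ip, f in findings.items() if f["uploads"] > 0)


if __name__ == "__main__":
    result = detect_uploadify_abuse(SAMPLE_LOG)
    for ip, f in result.items():
        print(ip, f)
    print("review first:", high_confidence_ips(result))
```

Run against the constructed sample, 203.0.113.5 is reported with one probe, one successful upload and a follow-up fetch of /shellku.php, while 198.51.100.9 shows only a 404 probe and 198.51.100.7 is not reported at all. The follow-up heuristic is deliberately loose (a legitimate admin hitting wp-login.php after an upload would also be listed), so treat it as a triage signal rather than a verdict. On the mitigation side, the handler should not be reachable by unauthenticated clients at all: remove or block the uploadify.php path at the web server if the theme build on the site still ships it, and audit the uploads directory for .php files that the site did not create.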