Deface Method: WP U-Design Theme Shell Upload Vulnerability

Deface Tutorial


Yo, here we are again ^_^
This time the tutorial is about defacing sites running the WordPress CMS.
The bug is in a theme, namely the U-Design theme. OK, enough fooling around, let's get into the tutorial ^_^

> Dork :
- inurl:/themes/u-design/
- inurl:/themes/u-design/ ext:jpg >> this one is for dorking in image search.

> Exploit : /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php

CSRF : Here

Steps :

1. First do your dorking using the dorks above (regular dorking or image search, your choice).

2. After dorking, append the exploit path. Example: site.com/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php. If the site is vulnerable, the page will come up blank.


[Screenshot: Deface Metode WP U-Design]

3. Next, open the CSRF tool mentioned earlier. If you can't be bothered to scroll up, just click >> CSRF

4. Once you've opened the online CSRF tool, there will be a URL field and a POSTFILE field. In URL, enter the vulnerable site (the full URL including the exploit path); in POSTFILE, enter Filedata.

[Screenshot: Deface Metode WP U-Design]

5. Once everything is filled in, click Lock! and an upload form will appear. Pick your backdoor shell and click upload.


[Screenshot: Deface Metode WP U-Design]

6. After uploading, if the number 1 appears the upload succeeded and all that's left is to access your shell. If anything else shows up, tough luck for you :P because I'm the handsome one.


[Screenshot: Deface Metode WP U-Design]

7. Just access it. Access the file/shell at: site.com/filename.php

[Screenshot: Deface Metode WP U-Design]

After that it's up to you what you do, but if you want to replace the index, back it up first, dammit! Respect the webmaster even if the webmaster doesn't respect you, you dog.
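For anyone running a WordPress site with this theme, the sequence described in the steps above leaves a recognisable trace in the web server access log: a probe of the uploadify.php path, a POST to it whose response body is the single character "1", and then a request for a new .php file at the web root. The following script is an added example written for this page (it is not part of the original post or of the theme); it parses combined-format log lines and flags that sequence. The log lines, IP addresses and file names are constructed for the demonstration, and the allow-list of core PHP files is an assumption you would adjust for your own site.

```python
import re

# The upload endpoint path named in the post as the vulnerable one.
UPLOADIFY_PATH = "/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php"

# Top-level PHP files that are normal for a WordPress install (assumed list;
# extend it for your own deployment).
KNOWN_ROOT_PHP = {"/index.php", "/wp-login.php", "/xmlrpc.php", "/wp-cron.php"}

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:20 +0000] "POST /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 1 "http://csrf.example/" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /backdoor.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /index.php HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:10 +0000] "GET /wp-content/themes/u-design/images/logo.jpg HTTP/1.1" 200 3400 "-" "Mozilla/5.0"
"""

# Combined log format: client, identd, user, [timestamp], "METHOD path proto", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    return rec


def analyze(log_text):
    """Return (ip, finding, path) tuples for activity matching the upload sequence."""
    findings = []
    uploaders = set()  # clients that POSTed to the upload endpoint
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"] == UPLOADIFY_PATH:
            if rec["method"] == "POST":
                findings.append((rec["ip"], "upload_attempt", rec["path"]))
                # The post says a successful upload answers with "1"; a 200 whose
                # body is exactly one byte is therefore a strong success indicator.
                if rec["status"] == 200 and rec["size"] == 1:
                    findings.append((rec["ip"], "upload_probably_succeeded", rec["path"]))
                uploaders.add(rec["ip"])
            else:
                findings.append((rec["ip"], "endpoint_probe", rec["path"]))
        elif (
            rec["ip"] in uploaders
            and rec["path"].endswith(".php")
            and rec["path"].count("/") == 1          # file directly under the web root
            and rec["path"] not in KNOWN_ROOT_PHP
        ):
            findings.append((rec["ip"], "possible_webshell_access", rec["path"]))
    return findings


if __name__ == "__main__":
    for ip, kind, path in analyze(SAMPLE_LOG):
        print(f"{ip}\t{kind}\t{path}")
```

Any hit on the endpoint at all is worth acting on, since the upload script has no business being reachable without authentication; the practical mitigations are removing or access-controlling that file and checking the web root for PHP files that were not part of the install.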

Live Site : www.scr-industries.com

Thanks to : MichZo - -=P0IS0NERzzID=- - LCR999X - --oo0oo-- - Ryu404 - FreakzSec -./GEMBEL - Mr.L0"Ch0 - RamsNotes31 - [LuCiiFeR] - Mr.BeanCyberID_404 - EquinoX - BL4CK_SKULL_C4P-FnF16 - 0tamega// - ~R3CAPTCHA ID~ - y0sh1 - Mr.L0weRS - Aniki - InurlID - ./Fri4K_4R4nz - /.Mr_Jack154 - XS4BL9 - ~./Khoer - ./Mr.X.Z0NK.X - Xanoi - PheonixTM - MSAttacker - R1z4 - ./Mr. BA645 -./Mr.B3rUk.404 - /Mr.KodoC - Mr. X3R0X - Renym - Anzel4 - Walk3r404z
