squadcyber.org - Masih bersama ane lagi guys :v Langsung sadja dah kgk usah basa-basi :v Kali ini gw mau share turtor pepes metode Wp Themes Qualifire File Upload. Simak ea :v
Bahan" :
Dork : inurl:"/wp-content/themes/qualifire/ (kembangin cuks)
Exploit nya : www.site.co.li/[path]/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php
Langsung :v
1. Dorking pakek dork diatas :v
2. Vuln? tanda nya blank page ea :v
3. Buka CSRF onle tdi lalu masukin url nya. Post file nya isikan dengan "Filedata". Abis tuh kunci target -> browse file lu -> klik genjot.
4. Sukses? muncul angka 1
5. Akses? cek di www.site.co.li/namafilelu
Maap kalo salah/kurang jelas :v
Thanks :*
Comments
Post a Comment