IDCA Blog's

Knowledge is Free | We Share To Everywhere

Monday, May 27, 2013

Wordpress Themes Upload Vulnerabily

8:04 AM Defacing , 17 Comments
Selamat malaaaaam sobat IDCA =))

lama banget ane k posting :D *lebay -_-
Langsung saja yaaa, ane mau share trik deface lagi, tapi trik ini sebenernya udah jadul sih tapi bagi yang belum tau silahkan baca tutorial berikut ini :D

Dork :


  • inurl:/wp-content/themes/KidzStore
  • inurl:/wp-content/themes/WpStore
  • inurl:/wp-content/themes/eCommerce
  • inurl:/wp-content/themes/eShop
  • inurl:/wp-content/themes/emporium
  • inurl:/?=cart intext:"Sorry, the Cart is empty. Select Products via Continue Shopping."
untuk dork bisa kalian kembangin sendiri okey =))

[+] LANGKAH - LANGKAH [+]

1. Copy dan paste kan ke google salah satu dork diatas


2. Lalu pilih salah satu, disini saya mengambil contoh http://www.laptopreplacementscreen.com/



3. Setelah itu kalian buka sourcenya caranya tekan CTRL+U , Setelah itu cari sebuah link di source tersebut contoh punya saya "https://www.laptopreplacementscreen.com/wp-content/themes/WPStore/style.css"




5. Setelah itu kalian ubah menjadi "wp-content/themes/[path]/upload/
  • www.laptopreplacementscreen.com/wp-content/themes/WPStore/upload




6. Jika uploadnya lama, berati tandanya ngak bisa, tapi kalo cepat berati berhasil terupload (*tergantung size file yang di upload sih) jika sudah cara memanggilnya seperti ini :
  • localhost/wp-content/uploads/products_img/SHELL.php
maka hasilnya akan seperti ini :


nah tinggal tebas tuh :D

oke sekian tutorial newbie dari saya, jika kurang jelas silahkan tanyakan di komentar =))

Content Creator : Bimo Septiawan







By di
Label:

17 comments:

  1. Kevin AndersonMay 27, 2013 at 8:37 AM

    This comment has been removed by the author.

    ReplyDelete
  2. UnknownMay 27, 2013 at 11:20 PM

    Terima Kasih Om Bimo (h)

    ReplyDelete
  3. UnknownMay 27, 2013 at 11:26 PM

    Om ko udh di eksekusi linknya, tpi ko 404 not found mulu sih ?? File Shell aku ukurannya 104 KB ..
    Mohon Pencerahannya

    ReplyDelete
  4. UnknownMay 27, 2013 at 11:56 PM

    Pasang shellnya Pusing ,, udh di eksekusi tetep 404 not found mulu ... -_-

    ReplyDelete
    Replies
    1. AnonymousMay 28, 2013 at 1:34 AM

      Coba cari shell lain aja sob!! (o)

      Delete
    2. UnknownMay 28, 2013 at 2:48 AM

      3 shell aku sob, Shell buatan tmen ku, Madspot, Injection .. tpi tetep Not Found wktu di eksekusi .. ;((

      Delete
    3. BimoMay 28, 2013 at 6:10 AM

      coba make shell injection 2kb ..

      di post ada yang hapus tuh, emang ccd :3

      Delete
    4. UnknownMay 29, 2013 at 2:48 AM

      iy injection ane 2kb,
      Shell yg ku pake ..
      Injection,b374k,Madspot,Shell buatan temen, hasilnya sama Not Found, and Di Tutor yang barupun sama Not Found

      Delete
    5. BimoMay 29, 2013 at 5:32 PM

      itu emang ngak bisa gan. sering saya temui di themes "KidzStore" :D

      Delete
    6. UnknownMay 29, 2013 at 8:38 PM

      inurl:/?=cart intext:"Sorry, the Cart is empty. Select Products via Continue Shopping."

      Itu ane pke Dork yg di atas, tpi tetep not Found wktu di eksekusi,, mohon om bntuannya ..

      Delete
  5. Xjaiz NotesMay 30, 2013 at 8:59 AM

    pemanggilannya pake localhost emangnya ?

    ReplyDelete
  6. UnknownJune 4, 2013 at 2:01 AM

    buatan temen ?
    wtf >,<

    ReplyDelete
  7. UnknownJune 14, 2013 at 7:01 AM

    iy ane juga sering gitu jadi greget dibuatnya

    ReplyDelete
  8. ElNeuVendettaJune 17, 2013 at 8:58 AM

    shell yang 404 not found mungkin shell yang ada passwordnya. shell hidden, cobak cari tempat masukin password sekitar ditengah-tengah.

    ReplyDelete
  9. UnknownJuly 3, 2013 at 7:52 PM

    setelah apload shell gmana

    ReplyDelete
  10. Yogie-ExtMay 28, 2014 at 12:58 PM

    bang kok ane pass uplod shell ini gak bisa ;-( di buka gmna ya pencerahannya dong :d

    ReplyDelete
  11. UnknownJanuary 31, 2015 at 10:54 PM

    wp ya sob..

    Ijin praktek

    Download Lagu Maroon 5 - New Album 2015

    ReplyDelete

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)