• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

Deface WordPress dengan Exploit Themes Qualifire File Upload Vulnerability

June 5, 2015 by Jack Wilder 1 Comment

Yuppp.. lama ya tidak share exploit deface. Kali ini saya mau share tutorial deface WordPress dengan Exploit Themes Qualifire File Upload Vulnerability . Exploit nya sudah lama sih sebenarnya, namun gak tau kenapa sekarang “bersemi kembali” . Oke gak usah lama lama , langsung saja .
Bahan :
HTML Exploit : download

Google Dorks :

  • inurl:”/wp-content/themes/qualifire”

Use your brain, bitch !
Vuln : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php

Simpan exploit di atas dengan format .html. Jangan lupa ganti url nya dengan url target.
Setelah itu buka file exploit nya di browser.

Shell kalian akan berada di localhost/shell.php
Karena langsung berada di public_html, jika kalian hanya ingin deface, bisa langsung upload script.

Sekian tutor Deface WordPress dengan Exploit Themes Qualifire File Upload Vulnerability kali ini, happy exploiting.

Filed Under: WordPress Exploit Tagged With: Deface, Exploit, Wordpress

Reader Interactions

Comments

  1. Azalee D Hinkle says

    December 1, 2019 at 7:31 am

    Not found gan pas dah selesai upload di html explo

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

Upload Backdoor Lewat MySQL Database (phpMyAdmin)

Reverse Shell From Local File Inclusion Exploit

Cara Mudah Hack cPanel dengan Fitur Reset Password

Surge.sh Custom Domain or Subdomain Takeover

Tool Deface Opencart Bruteforce and Upload Image

Azure Traffic Manager Custom Domain or Subdomain Takeover

Exploit WPStore Themes Upload Vulnerability

FastMail Custom Domain or Subdomain Takeover

Cara Deface dengan Exploit Slims CMS Senayan Arbitrary File Upload Vulnerability

Cara Deface Website dengan Teknik Local File Inclusion

LinuxSec / 16 queries in 0.18 seconds