• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

Deface WordPress dengan Exploit Themes Qualifire File Upload Vulnerability

June 5, 2015 by Jack Wilder 1 Comment

Yuppp.. lama ya tidak share exploit deface. Kali ini saya mau share tutorial deface WordPress dengan Exploit Themes Qualifire File Upload Vulnerability . Exploit nya sudah lama sih sebenarnya, namun gak tau kenapa sekarang “bersemi kembali” . Oke gak usah lama lama , langsung saja .
Bahan :
HTML Exploit : download

Google Dorks :

  • inurl:”/wp-content/themes/qualifire”

Use your brain, bitch !
Vuln : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php

Simpan exploit di atas dengan format .html. Jangan lupa ganti url nya dengan url target.
Setelah itu buka file exploit nya di browser.

Shell kalian akan berada di localhost/shell.php
Karena langsung berada di public_html, jika kalian hanya ingin deface, bisa langsung upload script.

Sekian tutor Deface WordPress dengan Exploit Themes Qualifire File Upload Vulnerability kali ini, happy exploiting.

Shares

Filed Under: WordPress Exploit Tagged With: Deface, Exploit, Wordpress

Reader Interactions

Comments

  1. Azalee D Hinkle says

    December 1, 2019 at 7:31 am

    Not found gan pas dah selesai upload di html explo

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

Tool Deface Opencart Bruteforce and Upload Image

Bruteforce FTP Login dengan Metasploit Module FTP Authentication Scanner

Exploit WPStore Themes Upload Vulnerability

Deface WordPress dengan Exploit Themes Qualifire File Upload Vulnerability

Deface WordPress Dengan Exploit Archin WordPress Theme 3.2 Unauthenticated Configuration Access Vulnerability

bWAPP Remote File Inclusion Medium Security Level

Open Redirect Bypass Cheat Sheet

RCE pada Redis via Master-Slave Replication

FastMail Custom Domain or Subdomain Takeover

Heroku Custom Domain or Subdomain Takeover

LinuxSec / 64 queries in 0.08 seconds