• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

Deface WordPress dengan Exploit WordPress Plugins WPShop File Upload Vulnerability

May 18, 2015 by Jack Wilder Leave a Comment

Mau share aja exploit yang ditemukan oleh saya dan teman saya dari Indonesian Cyber Army, Mr.Xenophobic. Nama nya Exploit WordPress Plugins WPShop File Upload Vulnerability. Fuck 1337day.com for reject this exploit =))
Exploiter :
Exploit WordPress Plugins WPShop File Upload Vulnerability – Click Here

Google Dork :

  • inurl:?wpshop_product_category=

Use your brain, bitch !

Vuln Victim : /wp-content/plugins/wpshop/includes/ajax.php?elementCode=ajaxUpload

Simpan exploiter diatas dalam bentuk python. Ganti url target dengan target vuln.
Jika vuln nanti output nya seperti ini :

Setelah itu buka url target :

  • http://webtarget/wp-content/uploads/out.php

Selanjutnya buka lagi shell kalian akan berada di :

  • http://webtarget/wp-content/uploads/njepat.php

Sekian tutor kali ini semoga bermanfaat.

Shares

Filed Under: WordPress Exploit Tagged With: Deface, Exploit, Hacking

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

Exploit Drupal Core 7.x Auto SQL Injection dan Upload Shell

Reverse Shell From Local File Inclusion Exploit

Woocommerce Custom Tshirt Desginer CSRF Shell Upload Vulnerability

Tutorial Deface – Menutup Halaman Depan Situs Target dengan JS Overlay

Prestashop Module Blocktestimonial File Upload Auto Exploit

GitHub Custom Domain or Subdomain Takeover

Deface WordPress dengan Exploit WordPress TheLoft Theme Arbitrary File Download Vulnerability

RCE pada Redis via Master-Slave Replication

Deface WordPress Dengan Exploit Archin WordPress Theme 3.2 Unauthenticated Configuration Access Vulnerability

Hack Targeted Website using Reverse IP

Powered by WordPress and Genesis Framework. Style by LinuxSec.