rtMedia | Budy-Press Wordpress Plugins Vuln Arbitrary File Upload

Adm0n. Old Mantap Mantap. ini plugins lumayan old cuma banyak dari kalian termasuk mimin sendiri baru tau ini wkwkw, maklum lah ya udah ga fokus beginian soale :v langsung ke tutor aja.

Bahan:
~ Shell .PhP.jpg atau .jpg aja gapapa tergantung site.
~ CSRF bisa online aja
~ Akses internet pasti wkwk,

Dork:
inurl:/wp-content/plugins/buddypress-media/app/helper/rtUploadAttachment.php
use your brain!

pertama kalian ngedork dolo jangan lupa racik biar giting.
disini mimin asumsikan kalian dah nemu target y.

ciri ciri web vuln? ada alert "{"success":"Form was submitted","formData":[]}"

nah kalo udah kayak gini kalian pergi ke csrf onlen, POST "formData" jangan lupa
like this

kalian klik simpan, nah bakal redir ke page upload shell, Inget! shell cuma bisa ext .php.jpg or .jpg!

langsung aja sikat pijit tombol upload, nah kalo shell kalian ke upload pasti ada aler kek gini.

nah akses filenya
www.site.com/wp-content/uploads/rtMedia/tmp/Shell_kalian.PhP.jpg
like this

GoodLuck!

Bagikan Artikel ini