WordPress tdo mini (plugin) File Upload Vulnerability ~
is a wordpress plugin that we can exploit that can be utilized to shell or deface.
Can not wait already on the course, we immediately begin.....
First we are looking dork for explit this time ..
Dork: inurl:"plugins / tdo-mini-forms / tdomf-upload-inline.php? Tdomf_form_id = 1"
After that we lived aja choose a target that we want to hack ..
An example is below the target
To access / call the file we have uploaded before, we change the url of the target web
Will appear in the form of display lists of IP addresses
that have accessed the target web,
we live just click the IP address belongs to us
Okeh deh hell should we've managed to do our action, and
if we wanted to grow a shell we can do it dnngan
change of shell extensions to shell.php shell.php;. Jpg