Friday, 20 April 2012

[Tutorial hacking] WordPress SB Uploader vuln


=================================================================
# Title: Wordpress SB Uploader Plugin Shell Upload Vulnerability
# Author: JingoBD
# Category: webapps
# Team: Bangladesh Cyber Army
# Greetz: Bedu33n,N!1L,Rex0Man & All Member of BCA.
http://facebook.com/life.is.code
# Plugin URI: http://wordpress.org/extend/plugins/sb-uploader/
# Plugin Description: Allows the simple uploading of images to posts, pages, categories and custom post types/taxonomies. Provides shortcodes and PHP functions for easy addition to your site.
# Version: 3.2 (Last Version)
# Risk : High
Tested on: Linux (Ubuntu)
--------------------------------
-[Exploit]-:
1. Dork: inurl:plugins/sb-uploader
2. Register on the vulnerable site: www.site.com/wp-register.php [N.B.: If public registration is disabled, this exploit does not work]
3. Confirm your email, then log in.
4. Add a new post; the title and body can be anything you want. Look at the "SB Uploader" panel in the right sidebar and upload a shell [PHP shell]. Then publish this post.
5. Now you get a new URL, like: "Existing Post Image URL: /wp/wp-content/uploads/2012/02/img1.php". That is your shell link.
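
A defender's counterpart to the steps above, as an added example that is not part of the original advisory: a Python scan of web-server access logs for requests to script files under wp-content/uploads, the location the advisory names. The Combined Log Format, the extension list, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions a PHP-enabled server may execute (assumed list; match it to your handler config).
# Also catches double extensions (a.php.jpg) and path-info forms (a.php/x).
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|/|$)", re.IGNORECASE)
UPLOADS = re.compile(r"/wp-content/uploads/", re.IGNORECASE)
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '198.51.100.4 - - [20/Apr/2012:10:00:00 +0000] "GET /wp/wp-content/uploads/2012/02/photo.jpg HTTP/1.1" 200 48213',
    '203.0.113.7 - - [20/Apr/2012:10:01:02 +0000] "GET /wp/wp-content/uploads/2012/02/img1.php HTTP/1.1" 200 1024',
    '203.0.113.7 - - [20/Apr/2012:10:01:09 +0000] "POST /wp/wp-content/uploads/2012/02/img1%2Ephp?x=1 HTTP/1.1" 200 77',
    '198.51.100.4 - - [20/Apr/2012:10:02:00 +0000] "GET /wp/wp-login.php HTTP/1.1" 200 2301',
    '192.0.2.9 - - [20/Apr/2012:10:03:00 +0000] "GET /wp/wp-content/uploads/2012/03/a.php.jpg HTTP/1.1" 404 0',
]


def find_upload_script_hits(lines):
    """Return (ip, time, method, path, status) for requests to script files under uploads."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, target, status = m.groups()
        # Drop the query string and decode %-escapes so img1%2Ephp is seen as img1.php.
        path = unquote(urlsplit(target).path)
        if UPLOADS.search(path) and EXEC_EXT.search(path):
            hits.append((ip, ts, method, path, int(status)))
    return hits


if __name__ == "__main__":
    for ip, ts, method, path, status in find_upload_script_hits(SAMPLE_LOG):
        # A 2xx status means the server answered for that path: check whether the file exists and was executed.
        flag = "SERVED" if 200 <= status < 300 else "probe"
        print(f"{flag:6} {ts} {ip} {method} {path} -> {status}")
```

A hit with a 2xx status on a script path under uploads is the signal to inspect that file on disk. Configuring the web server so that nothing under the uploads directory is handed to the PHP interpreter removes the execution step the advisory relies on.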
