Parceiro: Camisetas Hacker

Camisetas para Nerds & Hackers

Mostrando postagens com marcador download. Mostrar todas as postagens
Mostrando postagens com marcador download. Mostrar todas as postagens

sexta-feira, 2 de janeiro de 2015

Wordpress A.F.D Verification/ INURL - BRASIL - WORDPRESS THEMES DOWNLOAD.PHP FILE DISCLOSURE


Multiple WordPress themes suffer from an arbitrary file download vulnerability in download.php. These include Ultimatum, Medicate, Centum, Avada, Striking Theme & E-Commerce, cuckootap, IncredibleWP, Ultimatum, Medicate, Centum, Avada, Trinity, Lote27, and Revslider themes.

Multiple WordPress themes suffer from an arbitrary file download vulnerability in download.php. These include Ultimatum, Medicate, Centum, Avada, Striking Theme & E-Commerce, cuckootap, IncredibleWP, Ultimatum, Medicate, Centum, Avada, Trinity, Lote27, and Revslider themes.


------------------------------------------------------------------------------
# *NAME*:               Wordpress A.F.D Verification/ INURL - BRASIL
# *TIPE*:                   Arbitrary File Download
# *Tested on*:            Linux
# *EXECUTE*:         php exploit.php www.target.gov.us
# *OUTPUT*:           WORDPRES_A_F_D.txt
# *AUTOR*:             GoogleINURL
# *EMAIL*:              [email protected]
# *Blog*:                   http://blog.inurl.com.br
# *Twitter*:               https://twitter.com/googleinurl
# *Fanpage*:             https://fb.com/InurlBrasil
# *GIT: *                   https://github.com/googleinurl
# *YOUTUBE  *       https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
# *PACKETSTORMSECURITY:* http://packetstormsecurity.com/user/googleinurl/
#
------------------------------------------------------------------------------
#  Comand Exec Scanner INURLBR:
#
# ./inurlbr.php --dork 'inurl:/wp-content/themes/' -q 1,6 -s save.txt --comand-all "php exploit.php _TARGET_"
#
------------------------------------------------------------------------------
#
# Download Scanner INURLBR:
# https://github.com/googleinurl/SCANNER-INURLBR
#
------------------------------------------------------------------------------

Description:

This exploit allows the attacker to exploit the flaw Arbitrary File
Download in dozens of wordpress themes.
Through regular expressions, the script will perform the check for each
target url checking your wp-config.php file
Regular expressions:
preg_match_all("(DB_NAME.*')", $body, $status['DB_NAME']);
preg_match_all("(DB_USER.*')", $body, $status['DB_USER']);
preg_match_all("(DB_PASSWORD.*')", $body, $status['DB_PASSWORD']);
preg_match_all("(DB_HOST.*')", $body, $status['DB_HOST']);
preg_match_all("(DB_CHARSET.*')", $body, $status['DB_CHARSET']);

*D O R K'S:

WordPress Ultimatum Theme Arbitrary File Download
Vendor Homepage:: http://ultimatumtheme.com/ultimatum-themes/s


WordPress Centum Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
Google Dork:: "Index of" & /wp-content/themes/Centum/

WordPress Avada Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
Google Dork:: "Index of" & /wp-content/themes/Avada/

WordPress Striking Theme & E-Commerce Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
Google Dork:: "Index of" & /wp-content/themes/striking_r/

WordPress Beach Apollo Arbitrary File Download
Vendor Homepage:: https://www.authenticthemes.com/theme/apollo/
Google Dork:: "Index of" & /wp-content/themes/beach_apollo/

Dork Google: inurl:ajax-store-locator
index of ajax-store-locator
Vendor Homepage::
http://codecanyon.net/item/ajax-store-locator-wordpress/5293356

WordPress cuckootap Theme Arbitrary File Download
Google Dork:: "Index of" & /wp-content/themes/cuckootap/
Vendor Homepage:: http://www.cuckoothemes.com/

WordPress IncredibleWP Theme Arbitrary File Download
Vendor Homepage:: http://freelancewp.com/wordpress-theme/incredible-wp/
Google Dork:: "Index of" & /wp-content/themes/IncredibleWP/

WordPress Ultimatum Theme Arbitrary File Download
Vendor Homepage:: http://ultimatumtheme.com/ultimatum-themes/s
Google Dork:: "Index of" & /wp-content/themes/ultimatum

WordPress Medicate Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
Google Dork:: "Index of" & /wp-content/themes/medicate/


WordPress Centum Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
Google Dork:: "Index of" & /wp-content/themes/Centum/

WordPress Avada Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
Google Dork:: "Index of" & /wp-content/themes/Avada/

WordPress Striking Theme & E-Commerce Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
Google Dork:: "Index of" & /wp-content/themes/striking_r/

WordPress Beach Apollo Arbitrary File Download
Vendor Homepage:: https://www.authenticthemes.com/theme/apollo/
Google Dork:: "Index of" & /wp-content/themes/beach_apollo/

WordPress Trinity Theme Arbitrary File Download
Vendor Homepage:: https://churchthemes.net/themes/trinity/
Google Dork:: "Index of" & /wp-content/themes/trinity/

WordPress Lote27 Theme Arbitrary File Download
Google Dork:: "Index of" & /wp-content/themes/lote27/

WordPress Revslider Theme Arbitrary File Download
Vendor Homepage::
http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405
Google Dork:: wp-admin & inurl:revslider_show_image




Exploit::
http://pastebin.com/ZEnbxXXd
http://packetstormsecurity.com/files/129706/WordPress-Themes-download.php-File-Disclosure.html

sexta-feira, 29 de novembro de 2013

Curso OYS – [ Análise e Testes de Vulnerabilidades em Redes Corporativas ]

Curso OYS –  [ Análise e Testes de Vulnerabilidades em Redes Corporativas ]


Introdução à Segurança da Informação
Introdução ao Teste de Invasão e Ética Hacker
Google Hacking
Levantamento de Informações
Entendendo a Engenharia Social e o No-Tech Hacking
Varreduras ativas, passivas e furtivas de rede
Enumeração de informações e serviços
Trojans, Backdoors, Vírus, Rootkits e Worms
Ignorando Proteções
Técnicas de Força Bruta
Vulnerabilidades em aplicações web
SQL Injection
Elevação de Privilégios Locais
Testando o sistema
Smurf Attack
Técnicas de Sniffing
Exploits
Ataques a Servidores WEB
Metasploit Framework

Tamanho: 5,71 GB
[ 6 ] PARTES:
http://goo.gl/5G3dI7
http://goo.gl/NhjsSj
http://goo.gl/dCCSxr
http://goo.gl/LlQVpq
http://goo.gl/jkYALy
http://goo.gl/2ylqKV

$fonte::::: https://twitter.com/Cr4t3r