07-12-2014, 01:46 AM
12-22-2014, 05:45 AM
sure, I can null, where do I get the script? do you have it?
12-22-2014, 06:42 AM
(07-12-2014 01:46 AM)kiwizz Wrote: [ -> ]hi peopleHere you are. I want to become a VIP and get in on some of these group buys. How do I do it?
can anyone please null this for me
http://vinewp.com/
i keep requesting but cant se any result so thought a post will help :D
[hide]http://www22.zippyshare.com/v/48794932/file.html[/hide]
12-22-2014, 07:15 AM
(12-22-2014 06:42 AM)oasisfleeting Wrote: [ -> ]that script is already nulled... and not same as the vinewp its a php script.. if anyone has this template post here pls(07-12-2014 01:46 AM)kiwizz Wrote: [ -> ]hi peopleHere you are. I want to become a VIP and get in on some of these group buys. How do I do it?
can anyone please null this for me
http://vinewp.com/
i keep requesting but cant se any result so thought a post will help :D
[hide]http://www22.zippyshare.com/v/48794932/file.html[/hide]
12-22-2014, 09:09 PM
Uhh, hey dude, if you just look at the source code you'll see what you think is some super special vine version of wordpress is just the netix theme combined with the script I posted.
http://netix-wp.webfactoryltd.com/ <--- does this look familiar?
http://netix-wp.webfactoryltd.com/ <--- does this look familiar?
12-22-2014, 09:42 PM
okay, let's walk through this..
First, I registered here.
http://vinewp.com/vine/wp-login.php
Then I started examining source codes
I saw the plugins he was using. pretty much 90% of wordpress plugins are vulnerable.
First thing that caught my eye was the shop. jigo.
So I went here and downloaded the plugin.
https://wordpress.org/plugins/jigoshop/
Now I'm looking for local file inclusion bugs in the code.
jesus, wordpress developers are so clueless.
After downlading that shop plugin, I see a few files that i can use lfi on to find out the version he's using and my ultimate goal here is to find a download directory that isn't blocked by apache. I don't think that's going to happen though he appears to have indexing off and it's probably password protected.
http://vinewp.com/shop/wp-content/plugin...readme.txt
http://vinewp.com/shop/wp-content/plugin...oducts.xml <-- scrumptious
First, I registered here.
http://vinewp.com/vine/wp-login.php
Then I started examining source codes
I saw the plugins he was using. pretty much 90% of wordpress plugins are vulnerable.
First thing that caught my eye was the shop. jigo.
So I went here and downloaded the plugin.
https://wordpress.org/plugins/jigoshop/
Now I'm looking for local file inclusion bugs in the code.
jesus, wordpress developers are so clueless.
After downlading that shop plugin, I see a few files that i can use lfi on to find out the version he's using and my ultimate goal here is to find a download directory that isn't blocked by apache. I don't think that's going to happen though he appears to have indexing off and it's probably password protected.
http://vinewp.com/shop/wp-content/plugin...readme.txt
http://vinewp.com/shop/wp-content/plugin...oducts.xml <-- scrumptious