29.gif
Best Blackhat Forum / Freebies / Software, Scripts, Plug-ins, Tools and Bots / WordPress Really Simple Guest Post +Tools

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

New Reply
 
06-17-2015, 07:04 PM
Post: #1
v30sharp Offline
Newbie
***
Posts: 1
Joined: Mar 2015

Reputation: 0
WordPress Really Simple Guest Post +Tools
This Tools For my Bros..
You can with this tools retrieve passwd file or any file from server..whit wp bug

This tool writed by me and published in my blog : xknife.org

Code:
# Exploit Title: Wordpress Really Simple Guest Post File Include
# Google Dork: inurl:"really-simple-guest-post" intitle:"index of"
# Date: 04/06/2015
# Exploit Author: Kuroi'SH
# Software Link: https://wordpress.org/plugins/really-simple-guest-post/
# Version: <=1.0.6
# Tested on: Linux

The vulnerable file is called:
simple-guest-post-submit.php and its full path is
/wp-content/plugins/really-simple-guest-post/simple-guest-post-submit.php
The vulnerable code is as follows:
(line 8)
require_once($_POST["rootpath"]);
As you can see, the require_once function includes a data based on
user-input without any prior verification.
So, an attacker can exploit this flaw and come directly into the url
/wp-content/plugins/really-simple-guest-post/simple-guest-post-submit.php
and send a post data like: "rootpath=the_file_to_include"

Tools Link This
find Quote
06-17-2015, 10:59 PM
Post: #2
febbylous Offline
Senior Member
***
Posts: 533
Joined: May 2015

Reputation: 186
RE: WordPress Really Simple Guest Post +Tools
I don.t really understand :D Can you make it specific :v
www find Quote
New Reply
 




19.gif
Contact Us | BestBlackhatForum | Return to Top | Return to Content | Lite (Archive) Mode