xer0dayz 1N3
1N3
/ reverse-engineering-wordpress-0day-exploit.txt
Last active
September 26, 2020 19:46
Reverse Engineering a Critical Wordpress 0day Exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REVERSE ENGINEERING CRITICAL WORDPRESS 0day EXPLOIT | |
| This past weekend, I noticed an interesting alert from my mod_security logs for a request being made to my Wordpress site. Although the request was un-successful, I decided to dig deeper to understand what this was request was actually trying to do. After time, I've concluded that this is possibly a new 0day exploit attempt against Wordpress or a related Wordpress plugin (iThemes Security??). I'm still trying to uncover the exact flaw being exploited here so if anyone has any further details, feel free to contact me at [email protected] or twitter @CrowdShield. | |
| ORIGINAL MOD-SECURITY REUQUEST | |
| ==> /var/log/apache2/error.log <== | |
| [Sat Aug 15 19:00:10 2015] [error] [client 46.148.18.226] ModSecurity: Warning. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Enumer8 by 1N3 v20150705 | |
| # http://crowdshield.com | |
| # | |
| TARGET="$1" | |
| LHOST="192.168.1.132" | |
| LOOT_DIR="/pentest/loot" | |
| FINDSPLOIT_DIR="/pentest/findsploit" | |
| KEY_PATH="/pentest/linux/ssh/dsa/1024" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://google.com | |
| //google.com | |
| \\google.com | |
| \/google.com | |
| \/\/google.com | |
| /\google.com | |
| /\/\google.com | |
| |/google.com | |
| /%09/google.com | |
| /google.com |
NewerOlder