WordPress.org

Ready to get started?Download WordPress

Forums

SyRiAn Latest exploit (2 posts)

  1. phpnukes
    Member
    Posted 2 years ago #

    #  ____ _ _    __ _ _ _ _  _      __      _ _    _             
    
    # /_ _ _|\ \  / /| |____ \| |    /  \    | |\ \  ||             
    
    # (_ _    \ \/ / | |____||| |   / /\ \   | | \ \ ||                      
    
    # \_ _ \   \  |  | |____/ | |  / /--\ \  | |  \ \||              
    
    # __ _) |  |  |  | |  \ \ | | / /----\ \ | |   \ \|          
    
    #|_ _ _/   |__|  |_|   \_\|_|/_/      \_\|_|    \_|    
    
    #  _ _ _ _          _ _
    
    # /_ _ _| |        | | |   [ ~~Syrian Sh3ll~~ ] is a php evil script , please use it against ISRAEL Only .  
    
    # (___  | |__   ___| | |   Coded By :  EH << SyRiAn | 34G13  <~> sy34[at]msn[dot]com
    
    # \___ \|  _ \ / _ \ | |   Note : I'm Proud to be ~~SyRiAn~~
    
    # __ _)|| | | || __/ | |   Copyright (C) 2010 - ~~ syrian-shell.com ~~
    
    #|_ _ _/|_| |_|\___|_|_|   Thanx : [ Allah ] [ HaniWT ] [ SyRiAn_SnIpEr ] [ SyRiAn_SpIdEr ] [ TNT Hacker ] .
    
    #
    
    ## leak3d by ~> chippy1337.. k0mpl1m3nts [ TFL ], [ XiX ], [ LuSiD ], [ hysterix ]

    Not sure if safe to post this image file this is the header of the php file uploaded as an image.

    My server stopped the script while it was running.

    I'm using the latest wordpress using News Magazine Theme 640

    user uploaded an image file as php code and started the script

    My question is how did wordpress load a php file as an image maybe does it mean the solution is to approve all images first by admin.

  2. Damien
    Member
    Posted 2 years ago #

    How did they start the script? I can shell myself using this exploit in the root folder obviously as a exploit.php file (nice options too) but this wont work uploaded as a renamed file. It might upload as one, but I couldn't get it to function from there, probably as intended :)

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.