Linux Security Web And Vulnerability

In this brief article I will give a little tutorial for how we can embed a web shell at cms wordpress without using any plugins.
This I did on the localhost with the URL address and wordpress.localhost on WordPress version 3.2. For other versions, please try ...
Once we managed to get the wordpress admin account target, it's up to you how to get it, probably from SQL Injection, Social enginering, whatever is not the problem, which is important to go to the Dashboard from admin

Well, we start ..
Login to the admin dashboard panel of its via http://wordpress.localhost/wp-login.php



Enter your username and password from his wordpress, after a successful login, then we will be taken to the dashboard page admin panel, like the bland below



Once successful, then select Appreance --> Editor and select a file we will edit, for example, we select the file header.php, like the one in the picture below.



Then please us include uploader php script that allows you to upload a shell our website at the beginning of the script file header.php.this is example file:

Download

Then click the Update file, and note the words "File edited successfully", and note the URL is created that is

That means the file was located in the path / wp-content/themes/twentyeleven/header.php

As in the show in the picture below



then the URL to access the last uploader was: http://wordpress.localhost/wp-content/themes/twentyeleven/header.php




It remains to be uploading a web shell, for example C100.
and to access his sojourn we navigate to the folder twentyeleven
thus becomes:
http://wordpress.localhost/wp-content/themes/twentyeleven/c100.php
and ... Here is the result:



Binggo, we get its web shell ..
DO NOT FORGET TO REMOVE THE FILE header.php Uploader

Happy Hacking ...