Waraxe Forums

barr0w · Regular user

Koko, your English is fine.

So I realized that I have edit access to all of the plugins, so I figured I would just edit the Hello Dolly plugin since it's not activated.

I go to Plugins -> Plugin Editor. Open up hello.php, take out the contents of hello.php and add the contents of c99shell.php (it's the only shell I have). My problem is that when I click the 'Update File' button to save it I receive a "HTTP Error 406 - Not acceptable" error in my Internet Explorer window. I know I have edit access to that file because I can add comments in it and it will save the changes.

When I try to save it in Firefox I get:
Not Acceptable
An appropriate representation of the requested resource /blog/wp-admin/plugin-editor.php could not be found on this server.

I'm stumped.

barr0w · Regular user

Sorry to keep posting but I keep getting one step further.

I think that I'm receiving these 406 errors because of some mod_security settings on the server. Does this mean that I hit a dead end? All I have is Wordpress Admin, and I can't upload my shells because of the mod_security rules.

Edit: Also, I know that I cna edit the .htaccess file to get around this. But when I try to edit the .htaccess file through the Wordpress File Manager I get the same 406 error that is stopping me from doing everything else.

pexli · Valuable expert

Maybe plugin-editor.php mising for security reasons.Try Manage>>Files.

barr0w · Regular user

I've tried:
- Manage -> Files
- Plugins -> Plugin Editor
- Write -> Post -> Upload

The mod-security rule is affecting all of those. Unless someone has another idea of getting around mod_security I think I'm going to give up on this site and try getting into another. This is just for pracice anyways.

pexli · Valuable expert

Pls send me this wordpress on PM.I want to look inside.Thank you.

pexli · Valuable expert

You have access to edit all wordpress files.Yes plugin editot not work,but you may edit every file with manager>>files.I edit the wp-atom.php and put my code in there.You have PM.

P.S.I hope you know basic UNIX commands. Laughing

barr0w · Regular user

Thank you so much for your help Koko, HAS is a very interesting tool.

UPDATE: Using HAS I was able to make edits to the .htaccess file disabling mod_security. This let me upload my shell. Thanks for the help.

laydback · Beginner

I made a video tutorial on the admin-ajax vuln.

Check it out --> http://h4ck3d.by.ru/

drag · Active user

drag · Active user

Well.. it looks like I have no access to edit any files within the wordpress installation. Unfortunate. Does this mean that I'm pretty hosed?

pexli · Valuable expert

drag · Active user

Just to make sure I understand, the admin has set the permissions on the files so that the user that the webserver is running doesn't have write access to them?

pexli · Valuable expert

Write access from where?From admin panel or from shell?

drag · Active user

my last post should have read:

Just to make sure I understand, the admin has set the permissions on the files so that the user (that the webserver is running under) doesn't have write access to them?

pexli · Valuable expert

You have perms to edit files ONLY when wordpress is installed.Outside you don't have edit perms.