#-Title: WordPress Salespresspro Theme File Upload Vulnerability
#-Author: unknown
#-Date: 18/01/2015
#- Vendor : Mark Dulisse
#- Link Download : sites.google.com/site/getsalespresspro20get/
#-Google Dork: inurl:wp-content/themes/Salespresspro
#- Tested on : Windows 7
#- Fixed in v2.0
==========================================================================
Proof Of Concept :
http://site.com/wp-content/themes/salespresspro/headerimgbgblog-upload.php
Upload Shell > Open in a new tab / via inspect element
Patch :
Simply rename headerimgbgblog-upload.php to headerimgbgblog-upload.txt
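A defender's check for the handler named above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to headerimgbgblog-upload.php and lists the clients whose POST got a 2xx answer. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Upload handler named in the advisory. Compared case-insensitively because the
# advisory spells the theme directory both "Salespresspro" and "salespresspro".
HANDLER = "/wp-content/themes/salespresspro/headerimgbgblog-upload.php"

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def normalise(target):
    """Drop the query string, percent-decode, collapse '//' and lower-case."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_upload_hits(lines):
    """Map client IP -> [(timestamp, method, status)] for requests to the handler."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalise(m["target"]).endswith(HANDLER):
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def successful_posts(hits):
    """IPs whose POST reached the handler and got a 2xx; review these first."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(meth == "POST" and 200 <= st < 300 for _, meth, st in reqs))

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [18/Jan/2015:10:02:11 +0000] "GET /wp-content/themes/salespresspro/headerimgbgblog-upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [18/Jan/2015:10:02:40 +0000] "POST /wp-content/themes/Salespresspro/headerimgbgblog-upload.php?x=1 HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [18/Jan/2015:11:15:03 +0000] "POST /blog//wp-content/themes/salespresspro/headerimgbgblog-upload.php HTTP/1.1" 404 0 "-" "curl/7.38"',
    '192.0.2.44 - - [18/Jan/2015:12:00:00 +0000] "GET /wp-content/themes/salespresspro/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [18/Jan/2015:12:05:00 +0000] "GET /wp-content/themes/salespresspro/headerimgbgblog-upload.txt HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = find_upload_hits(SAMPLE)
    for ip, reqs in hits.items():
        print(ip, reqs)
    print("2xx POST from:", successful_posts(hits))
```

A 404 on the handler path, as in the third sample line, is what the rename described under Patch produces.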