##########################################################################
# Exploit Title : WordPress WebFatorial-FoodNetwork Theme Unauthorized File Insertion
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 06/03/2019
# Vendor Homepage : foodnetwork.com.br
# Information Link : themetix.com/webfatorial-foodnetwork/
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
##########################################################################
# Impact :
***********
The WordPress WebFatorial-FoodNetwork theme is prone to an arbitrary
file upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the
affected server; this can result in arbitrary code execution within the
context of the vulnerable application. Weaknesses in this category (CWE-264) relate to the
management of permissions, privileges, and other security features that
are used to perform access control.
##########################################################################
# Exploit :
*********
/wp-content/themes/webfatorial-foodnetwork/js/jupload/index.php
# Directory File Path :
********************
/wp-content/uploads/[YEAR]/[MONTH]/.....
Note : The exact file name varies; search for a plausible file path.
##########################################################################
# Example Vulnerable Site :
*************************
[+] foodnetwork.com.br/wp-content/themes/webfatorial-foodnetwork/js/jupload/index.php
##########################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
##########################################################################
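Added detection example for site operators (not part of the advisory above): it flags requests to the theme's jupload endpoint in a combined-format access log and lists files under wp-content/uploads that a PHP web server could execute. The log format and the extension list are assumptions; the sample log lines are constructed.

```python
import os
import re

# Upload endpoint named in the advisory (matched with endswith, since a site may live in a subdirectory).
VULN_PATH = "/wp-content/themes/webfatorial-foodnetwork/js/jupload/index.php"

# Extensions a typical Apache/PHP setup will execute if they land in wp-content/uploads (assumption).
EXECUTABLE_EXTS = (".php", ".php5", ".phtml", ".phar")

# Combined log format (assumption): ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def find_upload_attempts(log_lines):
    """Return (ip, timestamp, method, status) for every request to the jupload endpoint."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # drop the query string before comparing
        if path.endswith(VULN_PATH):
            hits.append((m.group("ip"), m.group("ts"), m.group("method"), int(m.group("status"))))
    return hits

def is_executable_upload(filename):
    """True if any dotted suffix is executable, so 'shell.php.jpg' is caught on multi-extension servers."""
    suffixes = filename.lower().split(".")[1:]
    return any("." + s in EXECUTABLE_EXTS for s in suffixes)

def find_suspicious_uploads(uploads_dir):
    """Walk wp-content/uploads (the advisory's drop location) and list files that should never be there."""
    found = []
    for root, _dirs, files in os.walk(uploads_dir):
        found.extend(os.path.join(root, n) for n in files if is_executable_upload(n))
    return sorted(found)

# Constructed sample log lines (not from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Mar/2019:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [06/Mar/2019:10:01:09 +0000] "POST /wp-content/themes/webfatorial-foodnetwork/js/jupload/index.php HTTP/1.1" 200 87 "-" "curl/7.64.0"',
    '198.51.100.4 - - [06/Mar/2019:10:02:30 +0000] "GET /blog/wp-content/themes/webfatorial-foodnetwork/js/jupload/index.php?x=1 HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [06/Mar/2019:10:03:00 +0000] "GET /wp-content/uploads/2019/03/logo.png HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_upload_attempts(SAMPLE_LOG):
        print("jupload request:", hit)
    print("executable files in uploads:", find_suspicious_uploads("wp-content/uploads"))
```

Any hit on the endpoint is worth an alert regardless of status code, and the simplest mitigation is removing the jupload directory and adding a web server rule that refuses to execute PHP under wp-content/uploads.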