API tools faq
paste
Advertisement
KingSkrupellos

WordPress WebFatorial-FoodNetwork Themes File Insert Vuln

KingSkrupellos
Mar 5th, 2019
112
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.99 KB | None | 0 0
raw download clone embed print report
  1. ##########################################################################
  2.  
  3. # Exploit Title : WordPress WebFatorial-FoodNetwork Themes Unauthorized File Insertation
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 06/03/2019
  7. # Vendor Homepage : foodnetwork.com.br
  8. # Information Link : themetix.com/webfatorial-foodnetwork/
  9. # Tested On : Windows and Linux
  10. # Category : WebApps
  11. # Exploit Risk : Medium
  12. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
  13. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
  14. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
  15. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
  16.  
  17. ##########################################################################
  18.  
  19. # Impact :
  20. ***********
  21. WordPress WebFatorial-FoodNetwork Themes is prone to an arbitrary
  22.  
  23. file upload vulnerability. An attacker may leverage this issue to upload arbitrary files to the
  24.  
  25. affected computer; this can result in arbitrary code execution within the
  26.  
  27. context of the vulnerable application. Weaknesses in this category are related to the
  28.  
  29. management of permissions, privileges, and other security features that
  30.  
  31. are used to perform access control.
  32.  
  33. ##########################################################################
  34.  
  35. # Exploit :
  36. *********
  37. /wp-content/themes/webfatorial-foodnetwork/js/jupload/index.php
  38.  
  39. # Directory File Path :
  40. ********************
  41. /wp-content/uploads/[YEAR]/[MONTH]/.....
  42.  
  43. Note : Search for reasonable file path.
  44.  
  45. ##########################################################################
  46.  
  47. # Example Vulnerable Site :
  48. *************************
  49. [+] foodnetwork.com.br/wp-content/themes/webfatorial-foodnetwork/js/jupload/index.php
  50.  
  51. ##########################################################################
  52.  
  53. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  54.  
  55. ##########################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!