WordPress hfile-upload Unauthorized File Insertation

1. ####################################################################
2.  
3. # Exploit Title : WordPress hfile-upload Unauthorized File Insertation
4. # Author [ Discovered By ] : KingSkrupellos
5. # Team : Cyberizm Digital Security Army
6. # Date : 06/03/2019
7. # Vendor Homepage : wordpress.org ~ themegrill.com/themes/accelerate
8. # Software Version : Free Version is 1.3.9 & Pro Version is 2.2.4.
9. # Tested On : Windows and Linux
10. # Category : WebApps
11. # Exploit Risk : Medium
12. # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
13. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
14. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
15. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
16.  
17. ####################################################################
18.  
19. # Impact :
20. ***********
21. WordPress hfile-upload is prone to an arbitrary file upload vulnerability.
22.  
23. An attacker may leverage this issue to upload arbitrary files to the affected computer;
24.  
25. this can result in arbitrary code execution within the context of the vulnerable application.
26.  
27. Weaknesses in this category are related to the management of permissions,
28.  
29. privileges, and other security features that are used to perform access control.
30.  
31. ####################################################################
32.  
33. Copyright © 2019 St Augustine Pony Club.
34. Powered by WordPress. Theme: Accelerate by ThemeGrill.
35.  
36. # Arbitrary File Upload Exploit :
37. ****************************
38. /wp-content/hfile-upload/form.php
39.  
40. # Directory File Path :
41. ********************
42. /wp-content/hfile-upload/uploads/.....
43.  
44. NOTE: You can only upload .jpg, .jpeg, .png, .gif, .txt, or .pdf files.
45.  
46. ####################################################################
47.  
48. # Vulnerable Source Code : [ form.php ]
49. ************************************
50. <html>
51. <head>
52. <title>
53. PHP File Upload Script - File Manipulation
54. </title>
55. <link href="./style.css" rel="stylesheet" type="text/css">
56. <body>
57.  
58. <div class='frms' >
59. <form action="" method="post" enctype="multipart/form-data">
60. <label>Upload File : </label><input type="file" name="file" id="file">
61. <input type="hidden" name="formatt" id="format" value='hscripts'>
62. <input type="submit" id="sub" value="Submit">
63.  
64. </form>
65.  
66. </div>
67. <div><strong>NOTE:</strong> You can only upload .jpg, .jpeg, .png, .gif, .txt, or .pdf files.<br><br>
68. Also, please make sure you label your coggins with your last name ( such as: Smith-coggins.jpg or Smith-coggins.pdf ) <br>
69. </div>
70. </body>
71. </html>
72.  
73. ####################################################################
74.  
75. # Example Vulnerable Sites :
76. *************************
77. [+] staugustineponyclub.com/wp-content/hfile-upload/form.php
78.  
79. ####################################################################
80.  
81. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
82.  
83. ####################################################################