Exploit Wordpress Smallbiz Themes Remote File Uploads Vulnerability

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+]
[+] Exploit Title: Wordpress Smallbiz Themes Remote File Uploads Vulnerability
[+]
[+] Exploit Author: FullSecurity.org
[+]
[+] Discovered By: Milad Hacking
[+]
[+] Vendor Homepage : wordpress.org
[+]
[+] Date: 2016-02-09
[+]
[+] Tested on: Kali Linux / Iceweasel
[+]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

Vulnerability Code

<?php
/*
Color Palette Generator v1.2
by Jeff Minard cpg (aht) jrm.cc
http://jrm.cc/

Please read and abide by the accompanying license:
gpl.txt
-or-
http://creativecommons.org/licenses/GPL/2.0/
*/

require("cpg.php");

if( $_GET['image'] ) // selected image from bookmark or get form
    $file = $_GET['image'];

if( $_FILES['userfile']['tmp_name'] ) // Upload detected captain!
    handle_upload();

// Recommended Image Form Items
$recommended = get_image_list($rec_image_dir);

// User Submitted Image
$user_submitted = get_image_list($image_dir);

// Steps Form Options
$step_options = get_steps_list();

// Methods!
$method_options = get_method_list();

if( $file ) // hoooo buddy, process the image.
    $color_palette = get_color_palette($file);

?>
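
For defenders triaging a site that ships this theme, the following added example (not part of the original advisory or of the theme's code) scans web server access logs for POST requests to the palette `index.php` and for script files served from the palette directory. It assumes the combined log format and that uploads are stored below the palette directory; the log lines, IP addresses and file names are constructed.

```python
import re
from urllib.parse import urlsplit

# Directory and script names come from the advisory; the rest is assumed.
PALETTE_DIR = "/wp-content/themes/smallbiz/palette/"
KNOWN_SCRIPTS = {"index.php", "cpg.php"}
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")

# Apache/nginx combined log format (assumption about the server's logging).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return (ip, finding, path) for a suspicious palette request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = urlsplit(m["target"]).path
    idx = path.lower().find(PALETTE_DIR)
    if idx == -1:
        return None
    rest = path[idx + len(PALETTE_DIR):].lower()
    if m["method"] == "POST" and rest in ("", "index.php"):
        return m["ip"], "upload-post", path
    # Assumption: uploads land below the palette directory, so any other script
    # answered with 200 from there is a file the theme did not ship.
    if rest not in KNOWN_SCRIPTS and rest.endswith(SCRIPT_EXT) and m["status"] == "200":
        return m["ip"], "unexpected-script", path
    return None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Feb/2016:10:00:01 +0000] "GET /wp-content/themes/smallbiz/palette/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Feb/2016:10:02:11 +0000] "POST /blog/wp-content/themes/smallbiz/palette/index.php HTTP/1.1" 200 5300 "-" "curl/7.47"',
    '203.0.113.9 - - [09/Feb/2016:10:02:15 +0000] "GET /blog/wp-content/themes/smallbiz/palette/images/sample.php HTTP/1.1" 200 12 "-" "curl/7.47"',
    '198.51.100.7 - - [09/Feb/2016:10:03:00 +0000] "GET /wp-content/themes/smallbiz/palette/images/photo.jpg HTTP/1.1" 200 40211 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [09/Feb/2016:10:04:00 +0000] "GET /wp-content/themes/smallbiz/palette/images/missing.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, finding, path in scan(SAMPLE_LOG):
        print(f"{finding:18} {ip:15} {path}")
```

A hit of either kind is a reason to inspect the palette directory on disk for files the theme did not ship.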

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

[+] Demo :


[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]

Special thanks to: iliya Norton - Milad Hacking - Mohamad Ghasemi
- irhblackhat - Distr0watch - N3TC4T - Ac!D - Mr.G}{o$t -
S4livan - MRS4JJ4D - SeCrEt_HaCkEr , Nazila Blackhat , Bl4ck_MohajeM , Xodiak

[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]

Greetz to: My Lord Allah
https://telegram.me/thehacking
http://FullSecurity.org
milad.hacking.blackhat@Gmail.com
[+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+] [+]

About Vo Uu

The author specializes in researching hacking, security, and marketing techniques, brings an unusual perspective, digs deep into issues, and gives candid feedback. If you use posts from this blog, please credit the author! The author welcomes contributions and ideas from the community so that Vietnam's cybersecurity becomes ever safer!
