#Title : WordPress PureVision Theme Arbitrary File Upload
#Author : mdhaxor
#Vendor : http://themeforest.net
#Download : http://themeforest.net/item/purevision-wordpress-theme/156538
#Tested : Mozilla, Chrome -> Windows
#Vulnerability : Arbitrary File Upload
Dork : inurl:wp-content/themes/ purevision
Vuln: /wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php
If vulnerable, it will show a blank page.
CSRF
Then upload your file.
Access the file at www.site.com/yourfilename.php
E.G www.benbusinesstransfers.com/xxd.txt
#thats_all...
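
Added example (not part of the original advisory): a log check for site owners that reports clients which requested the uploadify.php path named above, POSTed to it successfully, and then fetched an unfamiliar file at the web root. The combined access-log format, the KNOWN_ROOT baseline, the function name and the sample lines are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Endpoint path taken from the advisory above.
UPLOAD_PATH = "/wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php"
# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')
# One path segment directly under the web root, e.g. /name.php
ROOT_FILE_RE = re.compile(r'^/[^/]+\.[A-Za-z0-9]+$')
# Assumed baseline of files expected at the root; adjust per site.
KNOWN_ROOT = {"/index.php", "/wp-login.php", "/wp-cron.php", "/xmlrpc.php",
              "/robots.txt", "/favicon.ico"}

def find_upload_activity(lines):
    """Per client IP: probes (GET) and uploads (successful POST) against the
    upload script, plus unfamiliar root-level files fetched after an upload."""
    hits = defaultdict(lambda: {"probes": [], "uploads": [], "followups": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # line is not in the assumed format
        ip, method, status = m["ip"], m["method"], m["status"]
        path = m["uri"].split("?", 1)[0]
        if path.lower() == UPLOAD_PATH:
            if method == "POST" and status.startswith("2"):
                hits[ip]["uploads"].append(m["ts"])
            elif method == "GET":
                hits[ip]["probes"].append(m["ts"])
        elif (ip in hits and hits[ip]["uploads"] and method == "GET"
              and status == "200" and ROOT_FILE_RE.match(path)
              and path.lower() not in KNOWN_ROOT):
            hits[ip]["followups"].append(path)
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    f'203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET {UPLOAD_PATH} HTTP/1.1" 200 0 "-" "-"',
    f'203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "POST {UPLOAD_PATH} HTTP/1.1" 200 1 "-" "-"',
    '203.0.113.5 - - [10/Oct/2023:13:56:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.5 - - [10/Oct/2023:13:56:09 +0000] "GET /sample-upload.txt HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.7 - - [10/Oct/2023:13:57:00 +0000] "GET /about.html HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, info in find_upload_activity(SAMPLE).items():
        print(ip, info)
```

A follow-up path in the output is only a lead: confirm on disk whether that file exists and whether its creation time matches the POST.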