WordPress Smallbiz Themes Remote File Uploads Vulnerability - 3xploi7 BuG


#- Title: Wordpress Smallbiz Themes Remote File Uploads Vulnerability
#- Author: FullSecurity.org
#- Date: 09-02-2016
#- Developer : expand2web.com
#- Link Download : www.expand2web.com/smallbiz-theme/
#- Google Dork: inurl:"/themes/smallbiz/"
#- Fixed in Version : -
#- Tested on : Wessel
=======================================================
-- Proof Of Concept --

Vulnerability : site/wp-content/themes/smallbiz/palette/index.php

require("cpg.php");

if( $_GET['image'] ) // selected image from bookmark or get form
        $file = $_GET['image'];

if( $_FILES['userfile']['tmp_name'] ) // Upload detected captain!
        handle_upload();

When Vulnerable : 


Method :
1. Go to site.com/wp-content/themes/smallbiz/palette/index.php
2. Upload your image
3. If successful, click the image & open it in a new tab
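
For comparison with the snippet above, which passes any posted file straight to handle_upload(), here is a hardened upload handler. It is an added example, not code from the theme or from the original post. safe_image_upload(), the uploads/ directory and the 2 MiB limit are hypothetical, and it assumes the caller has already authenticated the user and that the destination directory is configured so the web server never executes scripts from it.

```php
<?php
// Added example: hardened counterpart to an unchecked upload handler.
// Hypothetical names: safe_image_upload(), uploads/ directory, MAX_UPLOAD_BYTES.

const ALLOWED_IMAGE_TYPES = [       // content type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;   // constructed limit (2 MiB)

function safe_image_upload(array $file, string $destDir): string
{
    $tmp = $file['tmp_name'] ?? '';
    // Only accept a completed upload that PHP itself received over HTTP.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('Upload failed or is not a real HTTP upload');
    }
    if (filesize($tmp) > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Decide the type from the file's bytes, never from the client-supplied
    // filename or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext  = is_string($mime) ? (ALLOWED_IMAGE_TYPES[$mime] ?? null) : null;
    if ($ext === null || @getimagesize($tmp) === false) {
        throw new RuntimeException('Not an allowed image type');
    }
    // Server-chosen random name and extension: the original filename is
    // discarded, so "x.php" or "x.php.jpg" never reaches disk. An image can
    // still carry embedded script text, which is why the destination must
    // also be non-executable.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;
}

// Usage in place of the unchecked call (authentication check omitted here).
if (!empty($_FILES['userfile']['tmp_name'])) {
    try {
        echo safe_image_upload($_FILES['userfile'], __DIR__ . '/uploads');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Upload rejected';
    }
}
```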


3xploi7 Team
