Plugin Buddypress Xprofile Custom Fields Type 2.6.3 Arbitrary File Deletion – Unlink

    [align=left]
    Code:
    Details
    
    Name : Buddypress Xprofile Custom Fields Type
    Version : 2.6.3
    Homepage : https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/
    
    Type
    
    Arbitrary File Deletion
    Remote Code Execution - RCE
    
    Description
    
    User access type: any registered BuddyPress user.
    $_POST[ 'field_' . $field_id . '_hiddenfile' ] is not escaped.
    $_POST[ 'field_' . $field_id . '_deleteimg' ] is not escaped.
    
    Code
    File: wp-content/plugins/buddypress-xprofile-custom-fields-type/bp-xprofile-custom-fields-type.php
    Lines: 452, 472, 496, 513, 568, 579
    Examples:
    
    unlink( $uploads['basedir'] . $_POST[ 'field_' . $field_id . '_hiddenfile' ] );
    
    unlink( $uploads['basedir'] . $_POST[ 'field_' . $field_id . '_hidd
    Code:
    Proof of Concept
    https://www.youtube.com/watch?v=uIO_DvWCM3s
    1 - Log in with a BuddyPress user
    2 - Access Edit Profile: http://target/members/admin/profile/edit/
    3 - Register data with an image
    
    Change the parameter in the source code to delete the image in the HTML and save the profile
    wp-config is deleted and the whole system restarts
    [/align]
    -----------------------------SAFE MASTER---------------------------
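
A hardened counterpart to the `unlink()` calls quoted in the post, as an added example that is not the plugin's code or its official fix: the request value is resolved with `realpath()` and the file is deleted only if it stays inside the uploads directory. The function name `delete_upload_safely` and the sandbox files are hypothetical and constructed for the demonstration.

```php
<?php
// Added example: containment check before unlink(). The function name and
// the sample files are hypothetical, not taken from the plugin.

/**
 * Delete a file only if it resolves to a regular file inside $baseDir.
 * Returns true when a file was deleted, false when the request was refused.
 */
function delete_upload_safely(string $baseDir, $relPath): bool
{
    // Reject arrays, empty values and NUL bytes before touching the filesystem.
    if (!is_string($relPath) || $relPath === '' || strpos($relPath, "\0") !== false) {
        return false;
    }
    $base = realpath($baseDir);
    // realpath() collapses "..", "." and symlinks; it returns false if the path does not exist.
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . ltrim($relPath, '/\\'));
    if ($base === false || $target === false) {
        return false;
    }
    // The resolved path must stay strictly below the uploads directory.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Regular files only; never directories or special files.
    return is_file($target) && unlink($target);
}

// Constructed sandbox: <tmp>/site/uploads/avatar.png and <tmp>/site/outside.txt
$site = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'bpx_demo_' . bin2hex(random_bytes(4));
$uploads = $site . DIRECTORY_SEPARATOR . 'uploads';
mkdir($uploads, 0700, true);
file_put_contents($uploads . '/avatar.png', 'constructed image bytes');
file_put_contents($site . '/outside.txt', 'constructed file outside uploads');

// Constructed request values standing in for $_POST['field_<id>_hiddenfile'].
$refused = !delete_upload_safely($uploads, '/../outside.txt');
$outsideKept = file_exists($site . '/outside.txt');
$deleted = delete_upload_safely($uploads, '/avatar.png');
echo json_encode(['traversal_refused' => $refused, 'outside_kept' => $outsideKept, 'avatar_deleted' => $deleted]), PHP_EOL;

// Clean up the sandbox.
unlink($site . '/outside.txt');
rmdir($uploads);
rmdir($site);
```

The containment check only confines deletion to the uploads directory. Confirming that the file is the one stored for the requesting user's own profile field is a separate check this example does not implement.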