Orange Themes Unauthenticated Generic Upload and Remote Code Execution
|Product Type||Metasploit Exploit|
|Author||Brandon T Perry (brandonprry)|
|Disclosure Date||Jan 1, 1970|
|Validation Status||Unvalidated - Sanity Checked|
|Validation Queue Position||No|
This module iterates over known vulnerable themes by Orange Themes and attempts to pop the shell with a generic open file handler common across each theme.
Unknown versions of Orange Themes variants are vulnerable to an open upload handler, allowing an attacker to upload PHP scripts and gain remote code execution. http://www.exploit-db.com/exploits/29946/ http://www.orange-themes.com
Write Your Own Review
- No reviews.