Hi again.  I'm trying out the exploit http://www.exploit-db.com/exploits/16181/.
I made a PHP payload in meterpreter (which works) and want to upload it to my wordpress site using the vuln described in exploit-db.

I edited the file header with the hex code provided in the exploit provided as so:


Then I'm using Webscarab to intercept the POST command and edit the content-type to "image/gif".  The file im uploading is ofcourse .php file.
The upload is somewhat successful as i don't get the usual error message telling me its the wrong filetype:



However, when checking my directory there are no files being uploaded.
Does anyone know the reason for this?  I don't think its the filesize as my payload (php) is 1.28K.  Did i miss someting?

Im thinking im missing some size definition of my picture maybe?

Hi again.

i just tested renaming the file to gif and it works.  So there is something wrong with my content type change i guess.

If all of the files you upload, are not stored on the webserver, then you need to make that directory writeable, and possibly also check who's the owner of that directory if you're on Linux. (It's quite important if you don't run Apache workers as root, which wouldn't be very smart to do hehe  )

As the others said, to execute a GIF file as PHP, you would need to have one of the following conditions in order: (This is just a few examples, not a complete list.)
1) Be able to upload a file like image.gif.php (or for that sake image.php%00.gif)
2) Include the GIF file, in a PHP script which evaluates the code (often include() or require() is vulnerable.). In this case, the file extension can be image.gif without any extra .php or similar extensions after .gif
3) Force "php" on the target to execute your image.gif file as a php script. (Unlikely, because if you control "php" on the target, you probably got shell access already.)

Is there a reason you think the existing Wordpress install is a vulnerable version? That sploit is 5 months old and may have been patched...

I appreciate the level of confidence being shown in regards to my intellect!
The screenshot posted is the plugin functionality, and im using the plugin version specified in the exploit tturner.  I can't see where i have specified using the newest plugin version, as this obviously would be patched.

I will be trying some more and update if i find a solution.