Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtDaniel Godoy1337DAY-ID-21877
HistoryFeb 11, 2014 - 12:00 a.m.

Wordpress Frontend Upload Plugin - Arbitrary File Upload Vulnerability

2014-02-1100:00:00
Daniel Godoy
0day.today
16
JSON

Exploit for php platform in category web applications

# Exploit Title: Frontend Upload Wordpress Plugin - File Arbitrary Upload
# Date: 10/02/2014
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software: Frontend Upload
# http://codecanyon.net/item/frontend-upload/6076410?WT.ac=solid_search_item&WT.seg_1=solid_search_item&WT.z_author=gtPlugins
# Tested on: Linux
[Comment]Greetz: Ariel Orellana, TrustedBSD, Sunplace www.remoteexecution.net www.remoteexcution.com.ar
 
[PoC]
 
you can upload files with php extension. Example: c99.php, shell.gif.php, etc...
 
http://localhost/wp-content/uploads/feuGT_uploads/feuGT_1790_43000000_948109840.php
 
-------------------------
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com

#  0day.today [2018-01-04]  #
JSON