######################################################## # Exploit Title: Wordpress Plugin easy-comment-uploads File Upload Vulendrability ######################################################## # Google Dork: inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php # Date: [06/11/2015] # Exploit Author: Guardiran Security Team =>DeMoN # Vendor Homepage: [https://wordpress.org/support/topic/plugin-easy-comment-uploads-got-hacked-because-of-this-plugin] # Software Link: [-] # Version: [-] # Tested on: [Win 8.1/Google chrome] # CVE : [-] ######################################################## # DISCRIPTION: Hello Guys.You Can Upload Deafce Oage Or Your Shell.When You Uploaded Your Files # You Have To Go To This Section. # [/wp-content/uploads/2015/]. # Please Pay Attention.Today Is 06/11/2015.If You Going To Upload Your Files In One Month Later # The Link Of Your Files Will Be # [/wp-content/uploads/2015/07]. # GooD LucK My Friends. ######################################################## # Demo: # https://www.fairyhouses.Xcom/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.mukorom.inXfo/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.toiwhakaarXi.ac.nz/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.ritalee.coXm.br/blog/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.asecretgXiftbook.com/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.wildschXoenau.tv/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.nekudXathibur.com/wp-content/plugins/easy-comment-uploads/upload-form.php ######################################################## # Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T # We Are Guardiran Security Team # Discovered By:DeMoN ########################################################