Wordpress Plugin easy-comment-uploads File Upload Vulendrability

2015.11.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

######################################################## # Exploit Title: Wordpress Plugin easy-comment-uploads File Upload Vulendrability ######################################################## # Google Dork: inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php # Date: [06/11/2015] # Exploit Author: Guardiran Security Team =>DeMoN # Vendor Homepage: [https://wordpress.org/support/topic/plugin-easy-comment-uploads-got-hacked-because-of-this-plugin] # Software Link: [-] # Version: [-] # Tested on: [Win 8.1/Google chrome] # CVE : [-] ######################################################## # DISCRIPTION: Hello Guys.You Can Upload Deafce Oage Or Your Shell.When You Uploaded Your Files # You Have To Go To This Section. # [/wp-content/uploads/2015/]. # Please Pay Attention.Today Is 06/11/2015.If You Going To Upload Your Files In One Month Later # The Link Of Your Files Will Be # [/wp-content/uploads/2015/07]. # GooD LucK My Friends. ######################################################## # Demo: # https://www.fairyhouses.Xcom/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.mukorom.inXfo/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.toiwhakaarXi.ac.nz/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.ritalee.coXm.br/blog/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.asecretgXiftbook.com/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.wildschXoenau.tv/wp-content/plugins/easy-comment-uploads/upload-form.php # http://www.nekudXathibur.com/wp-content/plugins/easy-comment-uploads/upload-form.php ######################################################## # Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | BLACKH4T # We Are Guardiran Security Team # Discovered By:DeMoN ########################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top