|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Exploit Title : Wordpress Easyrotator Plugin File Manipulation Vulnerability
Exploit Author : 0x3a
Credit : Iran Cyber Security Group
Date : 8 May 2016
Version : 1.0.13
Vendor Home Page : www.wordpress.org/plugins/easyrotator-for-wordpress/
Download Link : www.downloads.wordpress.org/plugin/easyrotator-for-wordpress.1.0.13.zip
Tested On : Windows 10 , Mozilla Firefox
Category : Web Application
Dork : inurl:/wp-content/plugins/easyrotator-for-wordpress
|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Vulnerable File :
[+]/engine/main.php
Vulnerable Function :
[+]processuploadedzip()
Vulnerable Code : (Line 2104)
[+]if (!@move_uploaded_file($_FILES['Filedata']['tmp_name'], $tempZipLocation))
Picture : s6.picofile.com/file/8250521092/Easyrotator.PNG
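Hardening Example : added here for defenders, not code from the plugin or from the advisory author. It shows the checks a ZIP upload handler can apply before the move_uploaded_file() call on $_FILES['Filedata']; the advisory does not say which checks the plugin omits. Function names, the extension allowlist and the size limit are assumptions.

```php
<?php
// Added example; only $_FILES['Filedata'] comes from the advisory, all other names are hypothetical.
const ALLOWED_EXT   = ['jpg', 'jpeg', 'png', 'gif', 'xml']; // assumed allowlist
const MAX_ZIP_BYTES = 20 * 1024 * 1024;                     // assumed size limit

/** True if a ZIP entry name is safe to extract beneath a target directory. */
function entry_is_safe(string $name): bool
{
    $name = str_replace('\\', '/', $name);
    if ($name === '' || $name[0] === '/' || strpos($name, "\0") !== false
        || preg_match('#^[A-Za-z]:#', $name)) {
        return false;                        // empty, absolute, NUL byte or drive letter
    }
    if (in_array('..', explode('/', $name), true)) {
        return false;                        // directory traversal
    }
    if (substr($name, -1) === '/') {
        return true;                         // plain directory entry
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true); // rejects .php, .phtml, .htaccess, ...
}

/** Validate one $_FILES entry and store it under a server-chosen name. Throws on failure. */
function store_uploaded_zip(array $file, string $tempDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_ZIP_BYTES) {
        throw new RuntimeException('not a valid upload');
    }
    $zip = new ZipArchive();
    if ($zip->open($file['tmp_name'], ZipArchive::CHECKCONS) !== true) {
        throw new RuntimeException('not a ZIP archive');
    }
    for ($i = 0; $i < $zip->numFiles; $i++) {
        if (!entry_is_safe((string) $zip->getNameIndex($i))) {
            $zip->close();
            throw new RuntimeException('disallowed entry in archive');
        }
    }
    $zip->close();
    // Destination name is generated here, never taken from the request.
    $dest = rtrim($tempDir, '/\\') . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.zip';
    if (!move_uploaded_file($file['tmp_name'], $dest)) {   // failure is reported, not hidden with @
        throw new RuntimeException('could not store upload');
    }
    return $dest;
}
```

Call store_uploaded_zip($_FILES['Filedata'], $dir) only after the request has passed the application's own authentication and authorization checks; $dir should sit outside the web root or have script execution disabled.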
|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Greetz To : MOHAMAD-NOFOZI , root3r , Sir.H4m1d And All Members OF Iran Cyber Security Group (WWW.IRAN-CYBER.NET)
Contact Us :
Telegram : @Haji_Was_Here
Yahoo : haj.0x3a