exploit Title : WordPress Lazy SEO plugin Shell Upload Vulnerability
Exploit Author : Ashiyane Digital Security Team
Discovered By : ACC3SS
Google Dork: : inurl:/wp-content/plugins/lazy-seo/
Date: 2013/09/21
Vendor Homepage : http://wordpress.org/plugins/lazy-seo
Software Link : http://downloads.wordpress.org/plugin/lazy-seo.1.1.9.zip
Version : 1.1.9
Tested on: Windows

Location:

Site/wp-content/plugins/lazy-seo/lazyseo.php

1.Go to address : Site/wp-content/plugins/lazy-seo/lazyseo.php
2.Click on Browse…
3.Select Shell Code
3.Complete the fields
4.Press Enter
5.Shell Address : wp-content/plugins/lazy-seo/Shell.php

Demo:

http://www.dXus.com/wp-content/plugins/lazy-seo/lazyseo.php
http://noteclX.com/wp-content/plugins/lazy-seo/lazyseo.php