Wednesday, 15 January 2014

WordPress: Easy-Comment-Upload

Hello guys, today I'm going to share an upload vulnerability exploit in WordPress. I'm not going to write a long tutorial today, just give you the important points of the exploit.

Finding Vulnerable Target

Dorks:  "inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php" 
              Index of /wp-content/plugins/easy-comment-uploads

Exploiting Target

Exploit : /wp-content/plugins/easy-comment-uploads/upload-form.php

You can upload .txt files and images to the sites, but a shell can be uploaded only on certain sites, using Tamper Data.
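For site owners, here is an added example (not part of the original post) of a log check that lists clients that sent POST requests to the plugin's upload form. The function name, the combined log format and the sample log lines are assumptions constructed for illustration; only the form path comes from the post.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path taken from the post; everything else in this block is an assumption.
UPLOAD_FORM = "/wp-content/plugins/easy-comment-uploads/upload-form.php"

# Combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(path):
    """Drop the query string, decode %xx escapes, collapse repeated slashes."""
    path = unquote(path.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def find_upload_posts(lines):
    """Return {client_ip: [(time, status), ...]} for POSTs to the upload form."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-log-format line
        if m.group("method") == "POST" and normalize(m.group("path")) == UPLOAD_FORM:
            hits[m.group("ip")].append((m.group("time"), int(m.group("status"))))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Jan/2014:10:02:11 +0000] "GET /wp-content/plugins/'
    'easy-comment-uploads/upload-form.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Jan/2014:10:02:40 +0000] "POST /wp-content/plugins//'
    'easy-comment-uploads/upload-form.php?x=1 HTTP/1.1" 200 95 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Jan/2014:10:05:00 +0000] "POST /wp-comments-post.php '
    'HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [15/Jan/2014:10:06:00 +0000] "POST /wp-content/plugins/'
    'easy-comment-uploads/upload%2Dform.php HTTP/1.1" 403 0 "-" "curl/7.30"',
]

if __name__ == "__main__":
    for ip, posts in find_upload_posts(SAMPLE_LOG).items():
        for when, status in posts:
            print(f"{ip} POSTed to the upload form at {when} (HTTP {status})")
```

A 2xx status on one of these POSTs is the case to follow up by reviewing what was written to the site's upload directory around that time.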

After you have successfully uploaded your file, your file will be at


Example :

That's all. Hope you understand. 

Have a problem? Leave a comment below :D