[ [MOWPOP] Plugin WP-CONTENT In WordPress Upload Exploitation

Siamak.Black

عضو متعهد

تاریخ عضویت: May 2012

نوشته: 204
- اشتراک
- توییت
#1

[ [MOWPOP] Plugin WP-CONTENT In WordPress Upload Exploitation

05-19-2012, 04:54 PM

باگهای اپلودر وورد پرس معمولا تو پلاگینش زیادن یکیش این mow pop هست
دورک

کد PHP: [align=LEFT] inurl:mow pop
[/align] یا
کد PHP: inurl:wp-content/plugins/mowpop/submit.php

##################################################
# Exploit Title: [ [MOWPOP] Plugin WP-CONTENT In WordPress Upload Exploitation]
# Date: [03-04-2012]
# Author: [ Hacker-Fire ]
# Category:: [ webapps]
# Google dork: [inurl:mowpop]
# Greetz Milw0rm : 1337day.com
# Demo site:
[1-http://www.updatedeinleben.com/wp-content/plugins/mowpop/submit.php]
[2-http://my-air-conditioner.com/wp-content/plugins/mowpop/submit.php]
[3-http://jennysweets.com/blog/wp-content/plugins/mowpop/submit.php]
# Tested on: [Windows & Linux ]
##################################################

1- Go to a website with the google dork and modify all url (without domain) with “/wp-content/plugins/mowpop/submit.php”
2- Take your Shell.php in text fields.

3- Open Tamper Data or HTTP Live Header.

4- Capture or Alter the upload.

5- Modify the content type with: “image/gif”

6- Drag’n'drop the borken picture obtained in the url bar.

7- Go to the url.

8- Ascend to the index.php with “..” url.

9- Upload your deface

به پایان رسیدیم اما نکردیم آغاز
فرو ریخت پرها نکردیم پرواز
برچسب ها: هیچ یک

اطلاعیه

[ [MOWPOP] Plugin WP-CONTENT In WordPress Upload Exploitation

[ [MOWPOP] Plugin WP-CONTENT In WordPress Upload Exploitation