Vulners
Lucene search
WordPress SB Uploader Shell Upload
`=================================================================
# Title: Wordpress SB Uploader Plugin Shell Upload Vulnerability
# Author: JingoBD
# Category: webapps
# Team: Bangladesh Cyber Army
# Greetz: Bedu33n,N!1L,Rex0Man & All Member of BCA.
# http://facebook.com/life.is.code
# Plugin URI: http://wordpress.org/extend/plugins/sb-uploader/
# Plugin Description: Allows the simple uploading of images to posts,
pages, categories and custom post types/taxonomies. Provides
shortcodes and PHP functions for easy addition to your site.
# Version: 3.2 (Last Version)
# Risk : High
Tested on: Linux (Ubuntu)
--------------------------------
-[Exploit]-:
1. Dork: inurl:plugins/sb-uploader
2. Register vulnerable site. www.site.com/wp-register.php [N.B: If
public registration disable This exploit is not work]
3. Confrim your email, then login.
4. Add a new post. title,body something if you want. Look right
slidbar "SB Uploader" panel and upload a shell[PHP Shell]. Then
publish this post.
5. Now You get a new url. like: ""
Existing Post Image URL: /wp/wp-content/uploads/2012/02/img1.php
That is your shell Link. ""
---------------------------------
Thanks to ALLAH, who give me knowledge.
Long Live Bangladesh
My team Facebook Group: http://facebook.com/groups/bdcyberarmy
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Feb 2012 00:00Current
7.4High risk
Vulners AI Score7.4