Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJingoBDPACKETSTORM:110103
HistoryFeb 23, 2012 - 12:00 a.m.

WordPress Magn WP Drag And Drop Shell Upload

2012-02-2300:00:00
JingoBD
packetstormsecurity.com
33
JSON
`[x] Wordpress Magn WP Drag and Drop Upload Shell Upload Vulnerability  
[x] Author: JingoBD [http://facebook.com/life.is.code]  
[x] Bangladesh Cyber Army  
[x] Download Link:  
http://wordpress.org/extend/plugins/magn-html5-drag-and-drop-media-uploader/  
[x] Version : 0.9 (Last Version)  
[x] Tested On: Linux(Ubuntu) & Win7 32  
  
-[Exploit]-:  
[*] Dork: No Dork For Kids. :p  
[*] Register vulnerable site. www.site.com/wp-register.php [N.B: If  
public registration disable This exploit is not work]  
[*] Confrim your email, then login.  
[*] Add a new post and Drag and Drop your shell[PHP SHELL] in  
Drag,Drop Box. It show Error.  
[*] Your shell:  
http://localhost/wp-content/plugins/magn-html5-drag-and-drop-media-uploader/temp/SHELL.php  
  
=================================================================  
We Are: --| Bedu33n, N!1l Rex0Man, ManInDark, Escape X0ne(Eclipse ),  
Desert_Rose, 00xnull, 34GL3_3Y3, 5!L3NT @55@55!N, s1l3n7 BD, Rudr0  
Akash, p5YcH0 d0d93r, Tr0oN |--  
=================================================================  
BANGLADESH CYBER ARMY  
http://facebook.com/BDCyberArmy  
`
JSON