WordPress Lazy SEO 1.1.9 Shell Upload

2013-09-22T00:00:00
ID PACKETSTORM:123349
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-09-22T00:00:00

Description

                                        
                                            `#######################################################################  
# Exploit Title : WordPress Lazy SEO plugin Shell Upload Vulnerability  
#  
# Exploit Author : Ashiyane Digital Security Team  
#  
# Google Dork : inurl:/wp-content/plugins/lazy-seo/  
#  
# Date: 2013/09/21  
#  
# Vendor Homepage : http://wordpress.org/plugins/lazy-seo  
#  
# Software Link : http://downloads.wordpress.org/plugin/lazy-seo.1.1.9.zip  
#  
# Version : 1.1.9  
#  
# Tested on: Windows  
#  
##############  
#  
#Location: Site/wp-content/plugins/lazy-seo/lazyseo.php  
#  
##############  
#1.Go to address : Site/wp-content/plugins/lazy-seo/lazyseo.php  
#2.Click on Browse...  
#3.Select Shell Code  
#4.Complete the fields  
#5.Press Enter  
#6.Shell Address : wp-content/plugins/lazy-seo/Shell.php  
##############  
# Demo:  
#  
# http://www.discomaximus.com/wp-content/plugins/lazy-seo/lazyseo.php  
#  
# http://noteclosing.com/wp-content/plugins/lazy-seo/lazyseo.php  
  
##############  
#  
# Discovered By : ACC3SS  
#  
##############  
`
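
A defender-side check for the pattern this advisory describes, as an added example that is not part of the original advisory or the plugin's code: it scans web server access logs for a client that POSTs directly to lazyseo.php and afterwards fetches a different .php file from the same plugin directory. The combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

PLUGIN_DIR = "/wp-content/plugins/lazy-seo/"   # location given in the advisory
UPLOAD_PAGE = PLUGIN_DIR + "lazyseo.php"

# Assumed input: common/combined log format (ip ident user [time] "request" status ...)
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [22/Sep/2013:10:00:01 +0000] "GET /wp-content/plugins/lazy-seo/lazyseo.php HTTP/1.1" 200 1834 "-" "-"',
    '198.51.100.7 - - [22/Sep/2013:10:00:40 +0000] "POST /wp-content/plugins/lazy-seo/lazyseo.php HTTP/1.1" 200 1902 "-" "-"',
    '203.0.113.20 - - [22/Sep/2013:10:01:02 +0000] "GET /wp-content/plugins/lazy-seo/readme.txt HTTP/1.1" 200 640 "-" "-"',
    '198.51.100.7 - - [22/Sep/2013:10:01:15 +0000] "GET /wp-content/plugins/lazy-seo/Shell.php?x=1 HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.20 - - [22/Sep/2013:10:02:00 +0000] "GET /wp-content/plugins/lazy-seo/lazyseo.php HTTP/1.1" 200 1834 "-" "-"',
]

def find_upload_then_exec(lines):
    """Return one finding per request where a client that already POSTed to
    lazyseo.php gets a 200 for another .php file in the plugin directory."""
    posted = {}      # client ip -> timestamp of its first direct POST
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or unsupported line
        path = unquote(urlsplit(m["path"]).path)   # drop query, decode %xx
        low = path.lower()                         # advisory was tested on Windows
        if not low.startswith(PLUGIN_DIR):
            continue
        ip, status = m["ip"], int(m["status"])
        if low == UPLOAD_PAGE:
            # Direct POST to the plugin page: the upload step in the advisory.
            if m["method"] == "POST" and status < 400:
                posted.setdefault(ip, m["ts"])
        elif low.endswith(".php") and ip in posted and status == 200:
            findings.append(
                {"ip": ip, "upload_at": posted[ip], "script": path, "hit_at": m["ts"]}
            )
    return findings

if __name__ == "__main__":
    for finding in find_upload_then_exec(SAMPLE_LOG):
        print(finding)
```

Any finding warrants checking the plugin directory for PHP files that are not part of the plugin's distributed archive.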