Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Wordpress SB Uploader Plugin Shell Upload Vulnerability

🗓️ 22 Feb 2012 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 42 Views

Wordpress SB Uploader Plugin Shell Upload Vulnerability, High Risk, Allows Image Uploading, PHP Shel

Code

                                                =================================================================
# Title: Wordpress SB Uploader Plugin Shell Upload Vulnerability
# Author: JingoBD
# Category: webapps
# Team: Bangladesh Cyber Army
# Greetz: Bedu33n,N!1L,Rex0Man & All Member of BCA.
# http://facebook.com/life.is.code
# Plugin URI: http://wordpress.org/extend/plugins/sb-uploader/
# Plugin Description: Allows the simple uploading of images to posts,
pages, categories and custom post types/taxonomies. Provides
shortcodes and PHP functions for easy addition to your site.
# Version: 3.2 (Last Version)
# Risk : High
Tested on: Linux (Ubuntu)
--------------------------------
-[Exploit]-:
1. Dork: inurl:plugins/sb-uploader
2. Register vulnerable site. www.site.com/wp-register.php [N.B: If
public registration disable This exploit is not work]
3. Confrim your email, then login.
4. Add a new post. title,body something if you want. Look right
slidbar "SB Uploader" panel and upload a shell[PHP Shell]. Then
publish this post.
5. Now You get a new url. like: ""
Existing Post Image URL: /wp/wp-content/uploads/2012/02/img1.php
That is your shell Link. ""
---------------------------------
Thanks to ALLAH, who give me knowledge.
Long Live Bangladesh
My team Facebook Group: http://facebook.com/groups/bdcyberarmy

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Feb 2012 00:00Current
7.1High risk
Vulners AI Score7.1
wordpresssb uploadershell uploadvulnerabilityhigh riskimage uploadingphp shellbangladesh cyber armyubuntuexploit
42