Wordpress Lazy SEO plugin Shell Upload Vulnerability

2013-09-23T00:00:00
ID 1337DAY-ID-21270
Type zdt
Reporter Ashiyane
Modified 2013-09-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            #######################################################################
# Exploit Title :  Wordpress Lazy SEO plugin Shell Upload Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Google Dork: : inurl:/wp-content/plugins/lazy-seo/
#
# Date: 2013/09/21
#
# Vendor Homepage : http://wordpress.org/plugins/lazy-seo
#
# Software Link : http://downloads.wordpress.org/plugin/lazy-seo.1.1.9.zip
#
# Version : 1.1.9
#
# Tested on: Windows
#
##############
#
#Location: Site/wp-content/plugins/lazy-seo/lazyseo.php
#
##############
#1.Go to address : Site/wp-content/plugins/lazy-seo/lazyseo.php
#2.Click on Browse...
#3.Select Shell Code
#3.Complete the fields
#4.Press Enter
#5.Shell Address : wp-content/plugins/lazy-seo/Shell.php
##############
#
# Discovered By : ACC3SS
#
##############

#  0day.today [2018-03-09]  #