
WordPress dzs-zoomsounds Plugin Remote File Upload Vulnerability

# Vendor : http://digitalzoomstudio.net/docs/wpzoomsounds/
# Author: bl4ck-dz
# Date: 28/05/2015
# Affected File: upload.php
# Category: webapps


Dork (either of these finds sites running the plugin):
 inurl:/wp-content/plugins/dzs-zoomsounds
/wp-content/plugins/dzs-zoomsounds/apfull.swf
(use your brains...!!)

Exploit (the upload handler, reachable without authentication):

https://site.co.li/wp-content/plugins/dzs-zoomsounds/admin/upload.php

 
How do you recognise a VULNERABLE one?
Pretty, pious, can cook, fair-skinned, wild in bed, and above all loyal.. :v (those are the traits of an ideal wife)
lol. The real sign of a vulnerable site: opening upload.php directly answers with "not for direct access".

Once you have found a vulnerable one, copy the CSRF upload script below:

http://pastebin.com/raw/KzexiTAv

*save it with an .html extension (file.html)
once that is done, open it in a web browser
and upload your file (if you want to upload a shell I suggest the .phtml extension; it only helps where the server's PHP handler also executes .phtml, which is the common Apache configuration)

If the response is "file uploaded", it worked.
If it comes back with "invalid extension - disallowed_filetypes", it failed :v


Access the file at: site.co.li/[path]/wp-content/plugins/dzs-zoomsounds/admin/upload/(your file name)
or, for a root install: site.co.li/wp-content/plugins/dzs-zoomsounds/admin/upload/(your file name)
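A defender-side check for the sequence described above, added here and not part of the original write-up or the plugin's own code: it scans web-server access-log lines for a POST to admin/upload.php followed by a GET of an executable file under admin/upload/, and it maps the plugin reply strings quoted above ("not for direct access", "file uploaded", "invalid extension - disallowed_filetypes") to an outcome. The log lines are constructed for this example; the endpoint and upload-directory paths come from the write-up, while the list of executable extensions beyond .phtml is an assumption to tune per host.

```python
"""Access-log detection for abuse of dzs-zoomsounds admin/upload.php.

Added example, not code from the write-up or the plugin. The paths are the
ones quoted in the write-up; SAMPLE_LOG is constructed, not real traffic.
"""
import re
from typing import Dict, List, Optional

PLUGIN_DIR = "/wp-content/plugins/dzs-zoomsounds/"
UPLOAD_ENDPOINT = PLUGIN_DIR + "admin/upload.php"   # from the write-up
UPLOAD_DIR = PLUGIN_DIR + "admin/upload/"           # where uploaded files land
# .phtml is the extension the write-up recommends; the others are further
# extensions a PHP handler commonly executes (assumption, adjust per host).
EXEC_EXTS = (".php", ".phtml", ".php3", ".php5", ".phar")

# Apache/nginx "combined" log format; only the fields this check needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def classify_request(method: str, target: str) -> Optional[str]:
    """Return a finding kind for one request, or None if it is unrelated."""
    path = target.split("?", 1)[0].lower()   # drop the query string (e.g. ?cmd=id)
    # endswith/in tolerate WordPress installed under a sub-directory ([path] above)
    if path.endswith(UPLOAD_ENDPOINT):
        return "upload-attempt" if method == "POST" else "endpoint-probe"
    if UPLOAD_DIR in path and path.endswith(EXEC_EXTS):
        return "webshell-access"
    return None   # normal plugin traffic, e.g. audio files under admin/upload/


def scan_access_log(lines: List[str]) -> List[Dict[str, str]]:
    """Parse combined-format lines and keep only the suspicious requests."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue   # not a combined-format line; skip rather than guess
        kind = classify_request(m["method"], m["target"])
        if kind:
            findings.append({
                "ip": m["ip"], "ts": m["ts"], "kind": kind,
                "path": m["target"].split("?", 1)[0], "status": m["status"],
            })
    return findings


def classify_upload_response(body: str) -> str:
    """Map the reply strings quoted in the write-up to an outcome."""
    text = body.lower()
    if "file uploaded" in text:
        return "success"      # extension accepted; file now sits under admin/upload/
    if "disallowed_filetypes" in text:
        return "blocked"      # extension rejected by the plugin's filter
    if "not for direct access" in text:
        return "fingerprint"  # what a vulnerable upload.php answers to a plain GET
    return "unknown"


# Constructed sample log: a probe, an upload, a shell call, and two benign hits.
SAMPLE_LOG = """\
203.0.113.5 - - [28/May/2015:10:14:02 +0000] "GET /wp-content/plugins/dzs-zoomsounds/admin/upload.php HTTP/1.1" 200 21 "-" "Mozilla/5.0"
203.0.113.5 - - [28/May/2015:10:15:40 +0000] "POST /wp-content/plugins/dzs-zoomsounds/admin/upload.php HTTP/1.1" 200 13 "-" "Mozilla/5.0"
203.0.113.5 - - [28/May/2015:10:16:01 +0000] "GET /blog/wp-content/plugins/dzs-zoomsounds/admin/upload/x.phtml?cmd=id HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [28/May/2015:11:00:00 +0000] "GET /wp-content/plugins/dzs-zoomsounds/admin/upload/track.mp3 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
198.51.100.9 - - [28/May/2015:11:00:05 +0000] "GET /index.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"{f['ts']} {f['ip']} {f['kind']:16} {f['path']}")
```

Run it against a real access log with `scan_access_log(open("access.log").read().splitlines())`; a "webshell-access" hit from the same IP shortly after an "upload-attempt" is the pattern to escalate, while GETs of audio files under admin/upload/ are the plugin's normal behaviour and are deliberately not reported.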



Demo:

http://www.yegob.rw/wp-content/plugins/dzs-zoomsounds/admin/upload/

Source: muntilanitsec
