WordPressEasy Comment Plugin- Remote File Upload Vulnerability
So now lets begin:-
Firstly, you have to find some vulnerable sites, using
Google Dork:
inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php.
“inurl:easy-comment-uploads/upload-form.php”
You will get many vulnerable sites, I have already one, your vulnerable site would look something like this
http://www.example.com/wp-content/plugins/easy-comment-uploads/upload-form.php .
Then upload your deface page or image or any thing you want, but in some sites you can only upload limited numbers of file types.
Then, to find your uploaded file go to http://www.example.com/wp-content/uploads/, it would look, similar to this. If doesn't, then try with another site.
After that, open the year directory. In my case, I uploaded the file in 2017, so i'll open 2017.
Then after that select the month.
Example :
First Step Upload your file http://www.example.com/wp-content/plugins/easy-comment-uploads/upload-form.php
Then access your uploaded file http://www.example.com/wp-content/uploads/2012/07/file
Demo :
https://www.fairyhouses.com/wp-content/uploads/2017/03/404.txt
http://phithan-toyota.com/toyota/wp-content/uploads/2017/03/404.txt
http://www.doudog.net/wp-content/uploads/2017/03/404.txt
Post a Comment