Wordpress Plugin Wp-FileManager 1.2 Remote Upload Vulnerability

2008-01-06 00:00:00

######################################################################################
# AUTHOR : H-T TeaM {HouSSaMix _ ToXiC350} #
# HOME : http://no-hack.net #
# Script : Wordpress Plugin Wp-FileManager #
# Download : http://downloads.wordpress.org/plugin/wp-filemanager.1.2.zip #
# BUG : Remote File Upload Vulnerability [ Shell Upload Exploit ] #
######################################################################################

(~)| 3xpl0it4t10n :

This file allowed you to upload directly a PHP script or anything you want it

You have just to enter into :

http://[TARGEt]/[path_wordpress]/wp-content/plugins/wp-filemanager/ajaxfilemanager/ajaxfilemanager.php

After uploading you evil script you will find it in this directory :

http://[TARGEt]/[path_wordpress]/uploaded/[evil].(php)


HeRe we are some dorks :

plugins/wp-filemanager/
inurl:/wp-filemanager/




# greezt : GoLd_M , RoMaNcYxHaCkEr , DDos , and all muslims Hackers



######################################################################################
# H-T TeaM {HouSSaMix _ ToXiC350} #
######################################################################################

#

Fixes

No fixes

In order to submit a new fix you need to be registered.