WordPress Plugin Lazy SEO 1.1.9 – Arbitrary File Upload

• Exploit Database
• 14 阅读

• 作者： Ashiyane Digital Security Team
  日期： 2013-09-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/28452/

• #######################################################################
  # Exploit Title :WordPress Lazy SEO plugin Shell Upload Vulnerability
  #
  # Exploit Author : Ashiyane Digital Security Team
  #
  # Google Dork: : inurl:/wp-content/plugins/lazy-seo/
  #
  # Date: 2013/09/21
  #
  # Vendor Homepage : http://wordpress.org/plugins/lazy-seo
  #
  # Software Link : http://downloads.wordpress.org/plugin/lazy-seo.1.1.9.zip
  #
  # Version : 1.1.9
  #
  # Tested on: Windows
  #
  ##############
  #
  #Location: Site/wp-content/plugins/lazy-seo/lazyseo.php
  #
  ##############
  #1.Go to address : Site/wp-content/plugins/lazy-seo/lazyseo.php
  #2.Click on Browse...
  #3.Select Shell Code
  #3.Complete the fields
  #4.Press Enter
  #5.Shell Address : wp-content/plugins/lazy-seo/Shell.php
  ##############
  #
  # Discovered By : ACC3SS
  #
  ##############