WordPress Easy Comment Plugin- Remote File Upload Vulnerability Tutorial
Thursday, July 05, 2012
By
I.D.A
Today im gonna tell you one more WordPress, file upload vulnerability, which occurs in Easy Comment Plugin.
So now lets begin:-
Live Demo:-
Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!
So now lets begin:-
- Firstly, you have to find some vulnerable sites, using Google Dork:- inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php.
- You will get many vulnerable sites, I have already one, your vulnerable site would look something like this http://www.example.com/wp-content/plugins/easy-comment-uploads/upload-form.php .
- Then upload your deface page or image or any thing you want, but in some sites you can only upload limited numbers of file types.
- Then, to find your uploaded file go to http://www.example.com/wp-content/uploads/, it would look, similar to this. If doesn't, then try with another site.
- After that, open the year directory. In my case, I uploaded the file in 2012, so i'll open 2012.
- Then after that select the month.
- Then select open your uploaded file.
- BANG !! Now you have successfully done.
- First Step Upload your file http://www.roflsiri.com/wp-content/plugins/easy-comment-uploads/upload-form.php
- Then access your uploaded file http://www.roflsiri.com/wp-content/uploads/2012/07/web_ruler.txt
Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!
Written by CK Admins
Computer Korner is an open knowledge sharing site, where the we try to share our experience with IT, Security, Networking, System Administration tasks faced in day to day life. Articles from visitors are highly appreciated. Contact Us at : Click Here
![Admin Login Page Finder [FIND HIM]](http://3.bp.blogspot.com/-GhtWWRl4-xU/UB0hynJzAQI/AAAAAAAAAlA/7awzEtAFL0w/s72-c/mysqladded.PNG){kind=small}
0 comments: