Jump to content
Praetorian503

WordPress SB Uploader 3.9 Shell Upload

By Praetorian503, in Exploituri

Recommended Posts

Praetorian503 Newbie

Praetorian503

Posted
Posted

WordPress SB Uploader version 3.9 suffers from an arbitrary file upload vulnerability.

# Exploit Title: WordPress SB Uploader 3.9 Arbitrary File Upload Vulnerability
# Exploit Author: Evil aXe
# http://www.facebook.com/iChocolate.lips
# Date: 30/12/12
# Greetz: R3x0Man, Shadman tanjim, Shahee Mirza, JingoBD, ManInDark And All Crew and Members of Bangladesh Cyber Army.
# Software Link: http://wordpress.org/extend/plugins/sb-uploader/
# Version: 3.9
# Category: webapps
# Tested on: [Windows 7]
# Google Dork : "inurl:plugins/sb-uploader"

=====================
Vulnerability : Arbitrary File Upload Vulnerability
=====================
Exploit Details :
=====================

1. Register
2. Login [Confirm your email then login]
3. Add a New post
4. Write title,body something what you want 
5. Look at the Right slidbar " SB Uploader" panel and upload your file 
6. Publish the post
7. You file is uploaded here : /wp/wp-content/uploads/2012/02/yourfile[.]ext

=====================
p0c: localhost/wp/wp-content/uploads/2012/12/cOol.htm
=====================
♥ BCA ♥

Source: PacketStorm

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...