WordPress Simple Dropbox Upload plugin version 1.8.8 suffers from a remote shell upload vulnerability. Note that this advisory has site-specific information.
6334b152cfb68d40bcd930b489d0883ba0feb8d71bafd8b4126a6c3ae3d6d86e##############
# Exploit Title : Wordpress Simple Dropbox Upload plugin File Upload
#
# Exploit Author : Ashiyane Digital Security Team
#
# Download Link : http://wordpress.org/plugins/simple-dropbox-upload-form/
#
# Home : www.Ashiyane.org
#
# Version : 1.8.8
#
# Security Risk : High
#
# Dork : inurl:/wp-content/plugins/simple-dropbox-upload-form/
#
# Tested on: Linux
##############
#Location: Site/wp-content/plugins/simple-dropbox-upload-form/multi.php
##############
#1.run the Firefox browser
#2.Then Add-ons Live HTTP headers in Firefox Install >>
#https://addons.mozilla.org/en-us/firefox/addon/live-http-headers/
#3.Now the run Add-ons Live HTTP headers
#4.Then go to this page site/[path]/wp-content/plugins/simple-dropbox-upload-form/multi.php?&height=500&width=1000&TB_iframe=true
#5.Click the Choose File button Then select a file [shell.jpg]
#6.Then click on the Start upload button
#7.Now using Live HTTP headers uploaded files to PHP change [shell.php]
#8.Find your Shell site/wp-content/uploads/wpdb/shell.php
##############
#DEm0:
# http://www.afterglowprod.com/wp-content/plugins/simple-dropbox-upload-form/multi.php?&height=500&width=1000&TB_iframe=true
# http://www.gcca.org/wp-content/plugins/simple-dropbox-upload-form/multi.php?&height=500&width=1000&TB_iframe=true
##############
#Greetz to: My Lord ALLAH
##############
#
# Discovered By : Amirh03in
#
##############
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed